[tor-bugs] #15823 [Tor]: Out-of-bounds read in INTRODUCE2 with client authorization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Apr 26 05:10:44 UTC 2015
#15823: Out-of-bounds read in INTRODUCE2 with client authorization
-------------------------+--------------------------------
Reporter: special | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-hs
Actual Points: | Parent ID:
Points: |
-------------------------+--------------------------------
Changes (by special):
* status: new => needs_review
Comment:
Minimal fix:
https://github.com/special/tor/compare/bug15823
I haven't actually reproduced this case to test it so far.
I think we should also reject INTRODUCE2 cells with an unknown auth_type,
instead of assuming we understand how to use them, but that would be a
separate patch.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15823#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list