[tor-bugs] #16411 [Tor]: Variable-length cells can lie about their length
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 22 20:42:00 UTC 2015
#16411: Variable-length cells can lie about their length
------------------------+------------------------
Reporter: nsk | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor | Version: Tor: 0.2.7
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------+------------------------
Comment (by nickm):
I don't see a bug here. The only way that this kind of corruption happens
is if, on an OR connection, one party misreports the length of a variable-
length cell in order to corrupt later traffic. But if they want to do
that, they can already corrupt later traffic by just modifying it. Either
party on a TLS stream can send anything they want on the TLS stream.
In other words, relays could modify and drop and corrupt cells even if
variable-length cells didn't exist. The defenses against that are
elsewhere in the protocol.
Closing as not-a-bug unless somebody objects?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16411#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list