[tor-bugs] #30428 [Core Tor/Tor]: sendme: Failure to validate authenticated SENDMEs client side
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 21 23:37:02 UTC 2019
#30428: sendme: Failure to validate authenticated SENDMEs client side
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: dgoulet
Type: defect | Status:
| needs_review
Priority: Very High | Milestone: Tor:
| 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-circuit, sendme, 041-must, | Actual Points:
0411-alpha, postfreeze-ok |
Parent ID: #26288 | Points: 1
Reviewer: nickm | Sponsor:
| SponsorV
-------------------------------------------------+-------------------------
Comment (by nickm):
Thanks, I'll review.
One thing to test as we test -- are we doing this at the correct
intervals? The tests prove that the intervals _match_ on both sides, but
not that they match the spec. One way to verify might be to count how
much data we have hashed, and make sure that it is the correct number of
cells, if that makes sense.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30428#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list