[tor-commits] [tor/master] 10365: Close connections if the VERSIONS cell has an odd length.
nickm at torproject.org
nickm at torproject.org
Mon Feb 3 18:14:40 UTC 2014
commit 881c7c0f7d86af501f7eeb34b021636af85d186f
Author: rl1987 <rl1987 at sdf.lonestar.org>
Date: Tue Dec 24 21:50:58 2013 +0200
10365: Close connections if the VERSIONS cell has an odd length.
Fixes issue 10365.
---
changes/bug10365 | 7 +++++++
src/or/channeltls.c | 8 ++++++++
2 files changed, 15 insertions(+)
diff --git a/changes/bug10365 b/changes/bug10365
new file mode 100644
index 0000000..f7a1515
--- /dev/null
+++ b/changes/bug10365
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+
+ - When receving a VERSIONS cell with an odd number of bytes, close
+ the connection immediately. Fix for bug 10365; bugfix on
+ 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by "rl1987".
+
+
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 4943054..9a29077 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1208,6 +1208,14 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
tor_assert(chan);
tor_assert(chan->conn);
+ if ((cell->payload_len % 2) == 1) {
+ log_fn(LOG_PROTOCOL_WARN, LD_OR,
+ "Received a VERSION cell with odd payload length %d; "
+ "closing connection.",cell->payload_len);
+ connection_or_close_for_error(chan->conn, 0);
+ return;
+ }
+
started_here = connection_or_nonopen_was_started_here(chan->conn);
if (chan->conn->link_proto != 0 ||
More information about the tor-commits
mailing list