author | Nick Mathewson <nickm@torproject.org> | 2007-08-02 01:29:53 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2007-08-02 01:29:53 +0000 |
commit | b80048a65e3f8676e645f4e4b338de8e5db81337 (patch) | |
tree | 79fb0e60c853ea48c19b38e505126a66a485feac | |
parent | 0305f492587013601a526a426c80d09156493e69 (diff) | |
r13894@Kushana: nickm | 2007-08-01 18:29:39 -0700
Close immediately after anything but a successful authentication attempt on the control port. [Backport.] Isn't Defcon _fun_, kids?
svn:r11017
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | src/or/control.c | 4 |
2 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,9 @@
+Changes in version 0.1.2.16 - 2007-08-01
+ o Major security fixes:
+ - Close immediately after missing authentication on control port;
+ do not allow multiple authentication attempts.
+
+
 Changes in version 0.1.2.15 - 2007-07-17
 o Major bugfixes (compilation):
 - Fix compile on FreeBSD/NetBSD/OpenBSD. Oops.
diff --git a/src/or/control.c b/src/or/control.c
index 6a1006347b..4baf9f6289 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1221,6 +1221,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
 "password? If so, the standard requires that you put it in "
 "double quotes.\r\n", conn);
 tor_free(password);
+ connection_mark_for_close(TO_CONN(conn));
 return 0;
 }
 password_len = i/2;
@@ -1231,6 +1232,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
 if (!get_escaped_string(body, len, &password, &password_len)) {
 connection_write_str_to_buf("551 Invalid quoted string. You need "
 "to put the password in double quotes.\r\n", conn);
+ connection_mark_for_close(TO_CONN(conn));
 return 0;
 }
 used_quoted_string = 1;
@@ -1287,6 +1289,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
 connection_printf_to_buf(conn, "515 Authentication failed: %s\r\n",
 errstr);
 }
+ connection_mark_for_close(TO_CONN(conn));
 return 0;
 ok:
 log_info(LD_CONTROL, "Authenticated control connection (%d)", conn->_base.s);
@@ -2818,6 +2821,7 @@ connection_control_process_inbuf_v1(control_connection_t *conn)
 if (conn->_base.state == CONTROL_CONN_STATE_NEEDAUTH_V1 &&
 strcasecmp(conn->incoming_cmd, "AUTHENTICATE")) {
 connection_write_str_to_buf("514 Authentication required.\r\n", conn);
+ connection_mark_for_close(TO_CONN(conn));
 conn->incoming_cmd_cur_len = 0;
 goto again;
 } |
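Review bot: The close-on-failure call is now repeated at three separate exits of handle_control_authenticate (the hex-decoding failure in the hunk at 1221, the quoted-string failure at 1232 and the shared failure path just before `ok:` at 1289), and none of the sites says why, so a failure exit added later could return without closing. A short comment at each call, for example `/* One authentication attempt per connection: close on any failure. */`, would record the invariant. Routing the two early returns through the existing failure path would enforce it in one place, provided that path's cleanup and reply fit them. Most of the function body is outside these hunks, so whether other failure exits exist cannot be checked from here.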
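Review bot: In connection_control_process_inbuf_v1 the rejected command marks the connection for close, but the code then still resets `incoming_cmd_cur_len` and takes `goto again`. Input already buffered behind the rejected line may therefore keep being parsed on a connection that is meant to be finished, including a later AUTHENTICATE line. Unless the `again:` loop, which is outside this hunk, checks the marked-for-close state before dispatching, stopping at once is safer: keep `connection_mark_for_close(TO_CONN(conn));` and replace the reset and the `goto` with `return 0;`. It is also worth confirming that the 514 reply is still flushed before the socket closes.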