Check answer_len in the remap_addr case of process_relay_cell_not_open.

Fix an edge case where a malicious exit relay could convince a controller that the client's DNS question resolves to an internal IP address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
author: Roger Dingledine <arma@mit.edu> 2009-06-12 11:18:02 -0400
committer: Nick Mathewson <nickm@torproject.org> 2009-06-12 11:18:02 -0400
commit: cb1617f18e94b244dc0847658e006057040dcc37 (patch)
tree: 2fde225a99244539b3a48bda27bbdd7e4592e1d0 /ChangeLog
parent: 77f5ad6b07dcdd3271d56f5e9edde3dc56ffe411 (diff)
download: tor-cb1617f18e94b244dc0847658e006057040dcc37.tar.gz
tor-cb1617f18e94b244dc0847658e006057040dcc37.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 3afc590258..4d43e7a6f3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,9 @@
 Changes in version 0.2.2.1-alpha - 2009-??-??
+  o Security fixes:
+    - Fix an edge case where a malicious exit relay could convince a
+      controller that the client's DNS question resolves to an internal IP
+      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
+
   o Major features:
     - Add support for dynamic OpenSSL hardware crypto acceleration engines
       via new AccelName and AccelDir options.
author	Roger Dingledine <arma@mit.edu>	2009-06-12 11:18:02 -0400
committer	Nick Mathewson <nickm@torproject.org>	2009-06-12 11:18:02 -0400
commit	cb1617f18e94b244dc0847658e006057040dcc37 (patch)
tree	2fde225a99244539b3a48bda27bbdd7e4592e1d0 /ChangeLog
parent	77f5ad6b07dcdd3271d56f5e9edde3dc56ffe411 (diff)
download	tor-cb1617f18e94b244dc0847658e006057040dcc37.tar.gz tor-cb1617f18e94b244dc0847658e006057040dcc37.zip