Validate ed25519 keys and canonicity from circuit_n_conn_done()

Fixes bug 40080. Bugfix on 0.2.7.2-alpha.
author: Nick Mathewson <nickm@torproject.org> 2020-08-06 11:47:01 -0400
committer: Nick Mathewson <nickm@torproject.org> 2020-08-06 15:59:28 -0400
commit: afb6ff17390cb13780c6e813ad0535048dbd9d3c (patch)
tree: 8da0d2b916632eb18c7e80c9420b1fdd85a0b046 /changes/bug40080
parent: c4742b89b23d58958ee0d5ca324dac5948c94bf6 (diff)
download: tor-afb6ff17390cb13780c6e813ad0535048dbd9d3c.tar.gz
tor-afb6ff17390cb13780c6e813ad0535048dbd9d3c.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/bug40080 b/changes/bug40080
new file mode 100644
index 0000000000..8162466354
--- /dev/null
+++ b/changes/bug40080
@@ -0,0 +1,6 @@
+  o Minor bugfixes (security):
+    - When completing a channel, relays now check more thoroughly to make
+      sure that it matches any pending circuits before attaching those
+      circuits. Previously, address correctness and Ed25519 identities were not
+      checked in this case, but only when extending circuits on an existing
+      channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha.
author	Nick Mathewson <nickm@torproject.org>	2020-08-06 11:47:01 -0400
committer	Nick Mathewson <nickm@torproject.org>	2020-08-06 15:59:28 -0400
commit	afb6ff17390cb13780c6e813ad0535048dbd9d3c (patch)
tree	8da0d2b916632eb18c7e80c9420b1fdd85a0b046 /changes/bug40080
parent	c4742b89b23d58958ee0d5ca324dac5948c94bf6 (diff)
download	tor-afb6ff17390cb13780c6e813ad0535048dbd9d3c.tar.gz tor-afb6ff17390cb13780c6e813ad0535048dbd9d3c.zip