| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-05-05 | Fix out-of-bounds read in INTRODUCE2 client auth | John Brooks | |
| The length of auth_data from an INTRODUCE2 cell is checked when the auth_type is recognized (1 or 2), but not for any other non-zero auth_type. Later, auth_data is assumed to have at least REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds read. Fixed by checking auth_len before comparing the descriptor cookie against known clients. Fixes #15823; bugfix on 0.2.1.6-alpha. | |||
 |
index : tor | |
| Transit encryption and privacy out of the box | The Tor Project |
| aboutsummaryrefslogtreecommitdiff |