onion-tunnel: Properly advance the payload (!291) · Merge requests · The Tor Project / Core / onionmasq

Clara Engler requested to merge cve/onionmasq:dev/cve/parser-hop-fix into main Oct 03, 2024

This commit fixes a potential bug that occurred during testing, namely that the tail of an IPv6 hop by hop header minus the first two bytes gets prepended to the next item in the IPv6 frame.

I believe this issue is primarily caused by the fact, ext_repr.header_len() returns the constant 2, no matter what.

This behavior is wrong, because the smallest hop by hop package is 8 bytes long. Fortunately, adding the length of the data to it, seems to be a fix.

onion-tunnel: Properly advance the payload

Merge request reports