Loading changes/trove-2017-004 +2 −2 Original line number Diff line number Diff line o Major bugfixes (hidden service, relay, security): - Fix an assertion failure when an hidden service handles a - Fix an assertion failure when a hidden service handles a malformed BEGIN cell. This bug resulted in the service crashing triggered by a tor_assert(). Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on tor-0.3.0.1-alpha. TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha. Found by armadev. changes/trove-2017-005 0 → 100644 +7 −0 Original line number Diff line number Diff line o Major bugfixes (hidden service, relay, security): - Fix an assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found by armadev. src/or/relay.c +2 −1 Original line number Diff line number Diff line Loading @@ -1636,7 +1636,8 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, "Begin cell for known stream. Dropping."); return 0; } if (rh.command == RELAY_COMMAND_BEGIN_DIR) { if (rh.command == RELAY_COMMAND_BEGIN_DIR && circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { /* Assign this circuit and its app-ward OR connection a unique ID, * so that we can measure download times. The local edge and dir * connection will be assigned the same ID when they are created Loading Loading
changes/trove-2017-004 +2 −2 Original line number Diff line number Diff line o Major bugfixes (hidden service, relay, security): - Fix an assertion failure when an hidden service handles a - Fix an assertion failure when a hidden service handles a malformed BEGIN cell. This bug resulted in the service crashing triggered by a tor_assert(). Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on tor-0.3.0.1-alpha. TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha. Found by armadev.
changes/trove-2017-005 0 → 100644 +7 −0 Original line number Diff line number Diff line o Major bugfixes (hidden service, relay, security): - Fix an assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found by armadev.
src/or/relay.c +2 −1 Original line number Diff line number Diff line Loading @@ -1636,7 +1636,8 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, "Begin cell for known stream. Dropping."); return 0; } if (rh.command == RELAY_COMMAND_BEGIN_DIR) { if (rh.command == RELAY_COMMAND_BEGIN_DIR && circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { /* Assign this circuit and its app-ward OR connection a unique ID, * so that we can measure download times. The local edge and dir * connection will be assigned the same ID when they are created Loading
