| commit | adb248b6d6e0779719e6b873ee12a1e22fa390f4 | |
| author | David Goulet <dgoulet@torproject.org> | |
| Thu, 3 Jun 2021 13:33:21 +0000 (3 09:33 -0400) | ||
| committer | Nick Mathewson <nickm@torproject.org> | |
| Thu, 10 Jun 2021 12:50:05 +0000 (10 08:50 -0400) | ||
| tree | e8f633706ef4013390d413f9f37708113b6e9a9d | treesnapshot (tar.gz zip) |
| parent | d71bf986b4faf7cb3b654192bc67d5b674cfcf02 | commitdiff |
TROVE-2021-003: Check layer_hint before half-closed end and resolve cells
This issue was reported by Jann Horn part of Google's Project Zero.
Jann's one-sentence summary: entry/middle relays can spoof RELAY_END cells on
half-closed streams, which can lead to stream confusion between OP and
exit.
Fixes #40389
This issue was reported by Jann Horn part of Google's Project Zero.
Jann's one-sentence summary: entry/middle relays can spoof RELAY_END cells on
half-closed streams, which can lead to stream confusion between OP and
exit.
Fixes #40389
| changes/ticket40389 | [new file with mode: 0644] | blob |
| src/core/or/relay.c | diffblobblamehistory |