author | Nick Mathewson <nickm@torproject.org> | 2012-10-25 10:21:01 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-10-25 10:21:01 -0400 |
commit | 48cdcc9d4ad12b7c57c8ac578db5961da27fde85 (patch) | |
tree | a9fd0982c3cad7b1cfc3dc2323b6ba1cbffb738c | |
parent | e4abac08a2ade5329594dcc220a02b3b680cb9e8 (diff) | |
parent | c442d85439dd406c846e930dedcd8ed4c780d66e (diff) | |
Merge branch 'link_negotiation_assert_024'
-rw-r--r-- | changes/link_negotiation_assert | 6 | ||||
-rw-r--r-- | src/or/channeltls.c | 9 |
2 files changed, 15 insertions, 0 deletions
diff --git a/changes/link_negotiation_assert b/changes/link_negotiation_assert
new file mode 100644
index 000000000..398a54557
--- /dev/null
+++ b/changes/link_negotiation_assert
@@ -0,0 +1,6 @@
+ o Major bugfixs (security):
+ - Fix a group of remotely triggerable assertion failures related to
+ incorrect link protocol negotiation. Found, diagnosed, and fixed
+ by "some guy from France." Fix for CVE-2012-2250; bugfix on
+ 0.2.3.6-alpha.
+
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 4e3c20ab7..d094d15af 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1229,6 +1229,15 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
 "handshake. Closing connection.");
 connection_or_close_for_error(chan->conn, 0);
 return;
+ } else if (highest_supported_version != 2 &&
+ chan->conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V2) {
+ /* XXXX This should eventually be a log_protocol_warn */
+ log_fn(LOG_WARN, LD_OR,
+ "Negotiated link with non-2 protocol after doing a v2 TLS "
+ "handshake with %s. Closing connection.",
+ fmt_addr(&chan->conn->base_.addr));
+ connection_or_close_for_error(chan->conn, 0);
+ return;
 }
 chan->conn->link_proto = highest_supported_version; |
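Review bot: The new `else if` branch in channel_tls_process_versions_cell logs at `LOG_WARN` for a condition that the changelog entry describes as remotely triggerable, so any peer that negotiates a non-2 link protocol after a v2 TLS handshake can put a warn-level line in the operator's log on each connection. The XXXX comment already acknowledges this; I would make the change now with `log_fn(LOG_PROTOCOL_WARN, LD_OR,` so the message only reaches warn level when the operator has asked for protocol warnings. The XXXX could then be replaced by a comment stating why the mismatch is rejected here, for example `/* A v2 TLS handshake must end in link protocol 2; anything else is a protocol violation by the peer. */`. The function begins and ends outside the hunk, so I cannot see from here whether the preceding branch covers the opposite mismatch or which later code relied on this invariant. A regression test for the mismatched-VERSIONS case would be worth adding alongside the fix.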