Fix a remotely triggerable assertion failure (CVE-2012-2250)

If we completed the handshake for the v2 link protocol but wound up negotiating the wong protocol version, we'd become so confused about what part of the handshake we were in that we'd promptly die with an assertion. This is a fix for CVE-2012-2250; it's a bugfix on 0.2.3.6-alpha. All servers running that version or later should really upgrade. Bug and fix from "some guy from France." I tweaked his code slightly to make it log the IP of the offending node.
author: Nick Mathewson <nickm@torproject.org> 2012-10-23 22:58:38 -0400
committer: Nick Mathewson <nickm@torproject.org> 2012-10-23 22:58:38 -0400
commit: 758428dd32128874cefacc92ef63c1b5bc9a656e (patch)
tree: b0cca05ceabf3871afe66ffc734995b6f3e9c101 /changes
parent: b99457d4295b2329e65f3e01b24b57d5c78ca017 (diff)
download: tor-758428dd32128874cefacc92ef63c1b5bc9a656e.tar
tor-758428dd32128874cefacc92ef63c1b5bc9a656e.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/link_negotiation_assert b/changes/link_negotiation_assert
new file mode 100644
index 000000000..398a54557
--- /dev/null
+++ b/changes/link_negotiation_assert
@@ -0,0 +1,6 @@
+  o Major bugfixs (security):
+    - Fix a group of remotely triggerable assertion failures related to
+      incorrect link protocol negotiation. Found, diagnosed, and fixed
+      by "some guy from France." Fix for CVE-2012-2250; bugfix on
+      0.2.3.6-alpha.
+
author	Nick Mathewson <nickm@torproject.org>	2012-10-23 22:58:38 -0400
committer	Nick Mathewson <nickm@torproject.org>	2012-10-23 22:58:38 -0400
commit	758428dd32128874cefacc92ef63c1b5bc9a656e (patch)
tree	b0cca05ceabf3871afe66ffc734995b6f3e9c101 /changes
parent	b99457d4295b2329e65f3e01b24b57d5c78ca017 (diff)
download	tor-758428dd32128874cefacc92ef63c1b5bc9a656e.tar tor-758428dd32128874cefacc92ef63c1b5bc9a656e.tar.gz