diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | src/or/relay.c | 2 |
2 files changed, 6 insertions, 1 deletions
@@ -1,4 +1,9 @@ Changes in version 0.2.2.1-alpha - 2009-??-?? + o Security fixes: + - Fix an edge case where a malicious exit relay could convince a + controller that the client's DNS question resolves to an internal IP + address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta. + o Major features: - Add support for dynamic OpenSSL hardware crypto acceleration engines via new AccelName and AccelDir options. diff --git a/src/or/relay.c b/src/or/relay.c index 4e09c0040..e9baac6a4 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -947,7 +947,7 @@ connection_edge_process_relay_cell_not_open( cell->payload+RELAY_HEADER_SIZE+2, /*answer*/ ttl, -1); - if (answer_type == RESOLVED_TYPE_IPV4) { + if (answer_type == RESOLVED_TYPE_IPV4 && answer_len >= 4) { uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+2)); remap_event_helper(conn, addr); } |