diff options
| -rw-r--r-- | changes/bug8059 | 6 | ||||
| -rw-r--r-- | src/or/channeltls.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/changes/bug8059 b/changes/bug8059 new file mode 100644 index 000000000..47273ed0a --- /dev/null +++ b/changes/bug8059 @@ -0,0 +1,6 @@ + o Minor bugfixes (protocol conformance): + - Fix a misframing issue when reading the version numbers in a + VERSIONS cell. Previously we would recognize [00 01 00 02] as + 'version 1, version 2, and version 0x100', when it should have + only included versions 1 and 2. Fixes bug 8059; bugfix on + 0.2.0.10-alpha. Reported pseudonymously. diff --git a/src/or/channeltls.c b/src/or/channeltls.c index 1035a1412..60693daeb 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1208,7 +1208,7 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan) tor_assert(chan->conn->handshake_state); end = cell->payload + cell->payload_len; - for (cp = cell->payload; cp+1 < end; ++cp) { + for (cp = cell->payload; cp+1 < end; cp += 2) { uint16_t v = ntohs(get_uint16(cp)); if (is_or_protocol_version_known(v) && v > highest_supported_version) highest_supported_version = v; |