From af54a0182870babec62bf07d067ca82a67c423de Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 31 May 2012 11:19:35 -0400
Subject: Kill non-open OR connections with any data on their inbufs.

This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM.  Fix for bug 5934 and
6007.  Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.
---
 changes/bug6007 | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 changes/bug6007

(limited to 'changes/bug6007')

diff --git a/changes/bug6007 b/changes/bug6007
new file mode 100644
index 000000000..4e815754a
--- /dev/null
+++ b/changes/bug6007
@@ -0,0 +1,5 @@
+  o Major bugfixes (security):
+    - When waiting for a client to renegotiate, don't allow it to add
+      any bytes to the input buffer. This fixes a DoS issue. Fix for
+      bugs 6007 and 5934; bugfix on 0.2.0.20-rc.
+
-- 
cgit v1.2.3