mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-20 10:12:15 +01:00
2b27ce52d2
The length of auth_data from an INTRODUCE2 cell is checked when the auth_type is recognized (1 or 2), but not for any other non-zero auth_type. Later, auth_data is assumed to have at least REND_DESC_COOKIE_LEN bytes, leading to a client-triggered out of bounds read. Fixed by checking auth_len before comparing the descriptor cookie against known clients. Fixes #15823; bugfix on 0.2.1.6-alpha. |
||
---|---|---|
changes | ||
contrib | ||
doc | ||
m4 | ||
scripts | ||
src | ||
.gitignore | ||
acinclude.m4 | ||
autogen.sh | ||
ChangeLog | ||
configure.ac | ||
Doxyfile.in | ||
INSTALL | ||
LICENSE | ||
Makefile.am | ||
Makefile.nmake | ||
README | ||
ReleaseNotes |
Tor protects your privacy on the internet by hiding the connection between your Internet address and the services you use. We believe Tor is reasonably secure, but please ensure you read the instructions and configure it properly. To build Tor from source: ./configure && make && make install Home page: https://www.torproject.org/ Download new versions: https://www.torproject.org/download/download.html Documentation, including links to installation and setup instructions: https://www.torproject.org/docs/documentation.html Making applications work with Tor: https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO Frequently Asked Questions: https://www.torproject.org/docs/faq.html To get started working on Tor development: See the doc/HACKING file.