[tor-bugs] #8059 [Tor]: miscounting when parsing versions cell
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jan 26 21:42:16 UTC 2013
#8059: miscounting when parsing versions cell
---------------------------------+------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor | Version:
Keywords: tor-client protocol | Parent:
Points: | Actualpoints:
---------------------------------+------------------------------------------
Changes (by nickm):
* keywords: => tor-client protocol
Comment:
Hm. This means that it's possible to negotiate versions in a stupid way:
instead of the byte-sequence A B C D E F meaning "We support AB, CD, EF",
it's taken to mean "We support AB, BC, CD, and DE, and EF."
If there were any two-byte version numbers, that would produce a big
problem. Fortunately there aren't any of those yet.
When we fix this bug, it will make it possible to distinguish clients that
have this bug from clients that don't. That might actually make this bug
less harmful than its fix. Not sure how harmful the fix really is though,
but it's worth considering.
If we wanted to make this bug's behavior documented, we could restrict the
space of valid version numbers so that misframing never becomes possible
in the future. That's ugly though.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8059#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list