--- /dev/null
+ o Major bugfixes:
+
+ - Fix an uninitialized read that could (in some cases) lead to a remote
+ crash while parsing INTRODUCE 1 cells. (This is, so far as we know,
+ unrelated to the recent news.) Fixes bug XXX; bugfix on
+ 0.2.4.1-alpha. Anybody running a hidden service on the experimental
+ 0.2.4.x branch should upgrade.
+
}
}
- /* Check that we actually have everything up to the timestamp */
- if (plaintext_len < (size_t)(ts_offset)) {
+ /* Check that we actually have everything up through the timestamp */
+ if (plaintext_len < (size_t)(ts_offset)+4) {
if (err_msg_out) {
tor_asprintf(err_msg_out,
"truncated plaintext of encrypted parted of "
memcpy(intro->u.v3.auth_data, buf + 4, intro->u.v3.auth_len);
}
- /*
- * Apparently we don't use the timestamp any more, but might as well copy
- * over just in case we ever care about it.
- */
- intro->u.v3.timestamp = ntohl(get_uint32(buf + ts_offset));
-
/*
* From here on, the format is as in v2, so we call the v2 parser with
* adjusted buffer and length. We are 4 + ts_offset octets in, but the
projects / thirdparty / tor.git / commitdiff
