[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent

Subject: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 18 Jan 2014 05:33:00 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 18 Jan 2014 00:32:57 -0500
In-reply-to: <045.67f49b7a0c6561be3adf41b4106c935f@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.67f49b7a0c6561be3adf41b4106c935f@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+---------------------------
     Reporter:  sqrt2             |      Owner:  mikeperry
         Type:  defect            |     Status:  new
     Priority:  normal            |  Milestone:
    Component:  TorBrowserButton  |    Version:
   Resolution:                    |   Keywords:  tbb-usability
Actual Points:                    |  Parent ID:
       Points:                    |
----------------------------------+---------------------------

Comment (by mikeperry):

 Wild guess: What happens if we return "" instead of NULL or "text/plain"?
 The key property we want is for the content sniffing to still kick in if
 the type is empty, rather than hack it to some default type and have
 behavior change.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
Next by Author: Re: [tor-bugs] #9353 [Tor bundles/installation]: Keyboard does not work in 64-bit TBB 2.3.25-10 and 3.0 when ibus is running
Previous by thread: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
Next by thread: Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
Index(es):
- Author
- Thread