[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9901 [TorBrowserButton]: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of content are sent
#9901: DoS of TBB 2.4/3.0 when no Content-Type header and more than 512 bytes of
content are sent
----------------------------------+----------------------------------
Reporter: sqrt2 | Owner: mikeperry
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: | Keywords: tbb dos content-type
Actual Points: | Parent ID:
Points: |
----------------------------------+----------------------------------
Changes (by cypherpunks):
* status: new => needs_review
Comment:
Problem is "return null" from external-app-blocker.js
Removing it solves everything except spamming of error console with
warning, that is why hack with returning null was needed in first place.
Proposed new hack solves noise in console by returning string "text/plain"
that code can accept. Code will use "text/plain" anyway for case like this
ticket describes. Hopes nothing another will be broken with new hack. Need
to test.
Patch attached to ticket.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9901#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs