[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #30428 [Core Tor/Tor]: sendme: Failure to validate authenticated SENDMEs client side
#30428: sendme: Failure to validate authenticated SENDMEs client side
-------------------------------------------------+-------------------------
Reporter: dgoulet | Owner: dgoulet
Type: defect | Status:
| needs_review
Priority: Very High | Milestone: Tor:
| 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-circuit, sendme, 041-must, | Actual Points:
0411-alpha, postfreeze-ok |
Parent ID: #26288 | Points: 1
Reviewer: nickm | Sponsor:
| SponsorV
-------------------------------------------------+-------------------------
Changes (by dgoulet):
* status: merge_ready => needs_review
Comment:
Replying to [comment:12 nickm]:
> Looks good; how are the tests looking?
The new very small commit `4ef8470fa5480d3b` actually broke things when I
tested with the latest chutney `bidi` branch.
Turns out that we needed that `minus 1` on the window. I explain why in
the new commit. I've thus reverted `4ef8470fa5480d3b` as well first and
then new commit:
{{{
19c086365957dc93
sendme: Clarify how sendme_circuit_cell_is_next() works [David Goulet]
6380a2f307ba8f7b
Revert "sendme: Off by one on the SENDME window" [David Goulet]
}}}
This has been quite tested now just to find that issue that was not
showing up reliably for unknown reasons on nickm's `bidi` chutney.
I confirm that the digests matches as expected on both sides.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30428#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs