10365: Close connections if the VERSIONS cell has an odd length.

Fixes issue 10365.

changes/bug10365

@@ -0,0 +1,7 @@
+  o Minor bugfixes:
+
+    - When receving a VERSIONS cell with an odd number of bytes, close
+      the connection immediately. Fix for bug 10365; bugfix on
+      0.2.0.10-alpha. Spotted by "bobnomnom"; fix by "rl1987".
+
+

src/or/channeltls.c

@@ -1208,6 +1208,14 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
   tor_assert(chan);
   tor_assert(chan->conn);
 
+  if ((cell->payload_len % 2) == 1) {
+    log_fn(LOG_PROTOCOL_WARN, LD_OR,
+           "Received a VERSION cell with odd payload length %d; "
+           "closing connection.",cell->payload_len);
+    connection_or_close_for_error(chan->conn, 0);
+    return;
+  }
+
   started_here = connection_or_nonopen_was_started_here(chan->conn);
 
   if (chan->conn->link_proto != 0 ||