nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 12:23:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't give the Guard flag to relays without the CVE-2011-2768 fix

Browse Source
This commit is contained in:
Robert Ransom 2011-10-25 00:24:15 -07:00 committed by Sebastian Hahn
parent 4d0f152aad
commit 00fffbc1a1
2 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
changes/issue-2011-10-19L
View File

@ -19,3 +19,10 @@
client is connected to a patched relay. Bugfix on FIXME; found
by frosty_un.
- Don't assign the Guard flag to relays running a version of Tor
which would use an OR connection on which it has received a
CREATE_FAST cell to satisfy an EXTEND request. Mitigates
CVE-2011-2768, by ensuring that clients will not connect
directly to any relay which an attacker could probe for an
unpatched client's connections.

71
src/or/dirserv.c
View File

@ -2251,6 +2251,74 @@ get_possible_sybil_list(const smartlist_t *routers)
return omit_as_sybil;
}
/** Return non-zero iff a relay running the Tor version specified in
* <b>platform</b> is suitable for use as a potential entry guard. */
static int
is_router_version_good_for_possible_guard(const char *platform)
{
static int parsed_versions_initialized = 0;
static tor_version_t first_good_0_2_1_guard_version;
static tor_version_t first_good_0_2_2_guard_version;
static tor_version_t first_good_later_guard_version;
tor_version_t router_version;
/* XXX023 This block should be extracted into its own function. */
/* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */
{
char *s, *s2, *start;
char tmp[128];
tor_assert(platform);
if (strcmpstart(platform,"Tor ")) /* nonstandard Tor; be safe and say yes */
return 1;
start = (char *)eat_whitespace(platform+3);
if (!*start) return 0;
s = (char *)find_whitespace(start); /* also finds '\0', which is fine */
s2 = (char*)eat_whitespace(s);
if (!strcmpstart(s2, "(r") || !strcmpstart(s2, "(git-"))
s = (char*)find_whitespace(s2);
if ((size_t)(s-start+1) >= sizeof(tmp)) /* too big, no */
return 0;
strlcpy(tmp, start, s-start+1);
if (tor_version_parse(tmp, &router_version)<0) {
log_info(LD_DIR,"Router version '%s' unparseable.",tmp);
return 1; /* be safe and say yes */
}
}
/* XXXX End code copied from tor_version_as_new_as (in routerparse.c) */
if (!parsed_versions_initialized) {
/* CVE-2011-2769 was fixed on the relay side in Tor versions
* 0.2.1.31, 0.2.2.34, and 0.2.3.6-alpha. */
tor_assert(tor_version_parse("0.2.1.31",
&first_good_0_2_1_guard_version)>=0);
tor_assert(tor_version_parse("0.2.2.34",
&first_good_0_2_2_guard_version)>=0);
tor_assert(tor_version_parse("0.2.3.6-alpha",
&first_good_later_guard_version)>=0);
/* Don't parse these constant version strings once for every relay
* for every vote. */
parsed_versions_initialized = 1;
}
return ((tor_version_same_series(&first_good_0_2_1_guard_version,
&router_version) &&
tor_version_compare(&first_good_0_2_1_guard_version,
&router_version) <= 0) ||
(tor_version_same_series(&first_good_0_2_2_guard_version,
&router_version) &&
tor_version_compare(&first_good_0_2_2_guard_version,
&router_version) <= 0) ||
(tor_version_compare(&first_good_later_guard_version,
&router_version) <= 0));
}
/** Extract status information from <b>ri</b> and from other authority
* functions and store it in <b>rs</b>>. If <b>naming</b>, consider setting
* the named flag in <b>rs</b>.
@ -2294,7 +2362,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
(router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD ||
router_get_advertised_bandwidth(ri) >=
MIN(guard_bandwidth_including_exits,
guard_bandwidth_excluding_exits))) {
guard_bandwidth_excluding_exits)) &&
is_router_version_good_for_possible_guard(ri->platform)) {
long tk = rep_hist_get_weighted_time_known(
ri->cache_info.identity_digest, now);
double wfu = rep_hist_get_weighted_fractional_uptime(