From 0a3009bb85d5675e1565020de08df1081e52253c Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 31 Aug 2016 15:10:58 +1000 Subject: [PATCH] Stop inadvertently upgrading client intro connections to ntor Also stop logging the intro point details on error by default. Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha. --- changes/bug20012 | 12 ++++++++++++ src/or/rendclient.c | 41 ++++++++--------------------------------- 2 files changed, 20 insertions(+), 33 deletions(-) create mode 100644 changes/bug20012 diff --git a/changes/bug20012 b/changes/bug20012 new file mode 100644 index 0000000000..f67ee65867 --- /dev/null +++ b/changes/bug20012 @@ -0,0 +1,12 @@ + o Major bugfixes (hidden services): + - Clients require hidden services to include the TAP keys + for their intro points in the hidden service descriptor. + This prevents an inadvertent upgrade to ntor, which a + malicious hidden service could use to discover which + consensus a client has. + Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor. + o Minor bugfixes (hidden services): + - Stop logging intro point details to the client log on + certain error conditions. + Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha. + Patch by teor. diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 3a742fec0a..263dd3d876 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -1373,40 +1373,15 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry, smartlist_del(usable_nodes, i); goto again; } - /* Do we need to look up the router or is the extend info complete? */ + /* All version 2 HS descriptors come with a TAP onion key. + * Clients used to try to get the TAP onion key from the consensus, but this + * meant that hidden services could discover which consensus clients have. */ if (!extend_info_supports_tap(intro->extend_info)) { - const node_t *node; - extend_info_t *new_extend_info; - if (tor_digest_is_zero(intro->extend_info->identity_digest)) - node = node_get_by_hex_id(intro->extend_info->nickname); - else - node = node_get_by_id(intro->extend_info->identity_digest); - if (!node) { - log_info(LD_REND, "Unknown router with nickname '%s'; trying another.", - intro->extend_info->nickname); - smartlist_del(usable_nodes, i); - goto again; - } -#ifdef ENABLE_TOR2WEB_MODE - new_extend_info = extend_info_from_node(node, options->Tor2webMode); -#else - new_extend_info = extend_info_from_node(node, 0); -#endif - if (!new_extend_info) { - const char *alternate_reason = ""; -#ifdef ENABLE_TOR2WEB_MODE - alternate_reason = ", or we cannot connect directly to it"; -#endif - log_info(LD_REND, "We don't have a descriptor for the intro-point relay " - "'%s'%s; trying another.", - extend_info_describe(intro->extend_info), alternate_reason); - smartlist_del(usable_nodes, i); - goto again; - } else { - extend_info_free(intro->extend_info); - intro->extend_info = new_extend_info; - } - tor_assert(intro->extend_info != NULL); + log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the " + "intro-point relay '%s'; trying another.", + safe_str_client(extend_info_describe(intro->extend_info))); + smartlist_del(usable_nodes, i); + goto again; } /* Check if we should refuse to talk to this router. */ if (strict &&