mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 13:13:44 +01:00
Stop inadvertently upgrading client intro connections to ntor
Also stop logging the intro point details on error by default. Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha.
parent
e3bf8854c8
commit
0a3009bb85
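--- a/changes/bug20012
+++ b/changes/bug20012
@@ -0,0 +1,12 @@
+o Major bugfixes (hidden services):
+- Clients require hidden services to include the TAP keys
+for their intro points in the hidden service descriptor.
+This prevents an inadvertent upgrade to ntor, which a
+malicious hidden service could use to discover which
+consensus a client has.
+Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
+o Minor bugfixes (hidden services):
+- Stop logging intro point details to the client log on
+certain error conditions.
+Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha.
+Patch by teor.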
@ -1373,40 +1373,15 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
|
|||||||
smartlist_del(usable_nodes, i);
|
smartlist_del(usable_nodes, i);
|
||||||
goto again;
|
goto again;
|
||||||
}
|
}
|
||||||
/* Do we need to look up the router or is the extend info complete? */
|
/* All version 2 HS descriptors come with a TAP onion key.
|
||||||
|
* Clients used to try to get the TAP onion key from the consensus, but this
|
||||||
|
* meant that hidden services could discover which consensus clients have. */
|
||||||
if (!extend_info_supports_tap(intro->extend_info)) {
|
if (!extend_info_supports_tap(intro->extend_info)) {
|
||||||
const node_t *node;
|
log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the "
|
||||||
extend_info_t *new_extend_info;
|
"intro-point relay '%s'; trying another.",
|
||||||
if (tor_digest_is_zero(intro->extend_info->identity_digest))
|
safe_str_client(extend_info_describe(intro->extend_info)));
|
||||||
node = node_get_by_hex_id(intro->extend_info->nickname);
|
smartlist_del(usable_nodes, i);
|
||||||
else
|
goto again;
|
||||||
node = node_get_by_id(intro->extend_info->identity_digest);
|
|
||||||
if (!node) {
|
|
||||||
log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
|
|
||||||
intro->extend_info->nickname);
|
|
||||||
smartlist_del(usable_nodes, i);
|
|
||||||
goto again;
|
|
||||||
}
|
|
||||||
#ifdef ENABLE_TOR2WEB_MODE
|
|
||||||
new_extend_info = extend_info_from_node(node, options->Tor2webMode);
|
|
||||||
#else
|
|
||||||
new_extend_info = extend_info_from_node(node, 0);
|
|
||||||
#endif
|
|
||||||
if (!new_extend_info) {
|
|
||||||
const char *alternate_reason = "";
|
|
||||||
#ifdef ENABLE_TOR2WEB_MODE
|
|
||||||
alternate_reason = ", or we cannot connect directly to it";
|
|
||||||
#endif
|
|
||||||
log_info(LD_REND, "We don't have a descriptor for the intro-point relay "
|
|
||||||
"'%s'%s; trying another.",
|
|
||||||
extend_info_describe(intro->extend_info), alternate_reason);
|
|
||||||
smartlist_del(usable_nodes, i);
|
|
||||||
goto again;
|
|
||||||
} else {
|
|
||||||
extend_info_free(intro->extend_info);
|
|
||||||
intro->extend_info = new_extend_info;
|
|
||||||
}
|
|
||||||
tor_assert(intro->extend_info != NULL);
|
|
||||||
}
|
}
|
||||||
/* Check if we should refuse to talk to this router. */
|
/* Check if we should refuse to talk to this router. */
|
||||||
if (strict &&
|
if (strict &&
|
||||||
|
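Review bot: The new `if (!extend_info_supports_tap(intro->extend_info))` branch reports a descriptor that breaks the rule stated in the comment above it only at `log_info`, so operators who set ProtocolWarnings never see that a service published an intro point without a TAP key; consider `log_fn(LOG_PROTOCOL_WARN, LD_REND, ...)` with the same `safe_str_client(...)` argument. The comment explains what clients used to do but not the rule that must hold from now on, and a line such as `* Never fill in missing intro point keys from our own directory data: the result is observable by the service.` would make the invariant explicit for later maintainers. No test for the skip path is visible on this page; a unit test that feeds in a descriptor entry lacking a TAP key and checks the intro point is dropped from the candidates would guard against the consensus lookup being reintroduced. The enclosing function rend_client_get_random_intro_impl starts and ends outside the hunk, so how `usable_nodes` is built and what happens once it is empty cannot be checked from here.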