mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-12-01 08:03:31 +01:00
Merge remote-tracking branch 'rransom-tor/bug3332-v2'
This commit is contained in:
commit
a857f61e27
9
changes/bug3332
Normal file
9
changes/bug3332
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
o Minor bugfixes:
|
||||||
|
- Assert that hidden-service-related operations are not performed
|
||||||
|
using single-hop circuits. Previously, Tor would assert that
|
||||||
|
client-side streams are not attached to single-hop circuits, but
|
||||||
|
not that other sensitive operations on the client and service
|
||||||
|
side are not performed using single-hop circuits. Fixes bug
|
||||||
|
3332; bugfix on 0.0.6.
|
||||||
|
|
||||||
|
|
@ -858,6 +858,20 @@ directory_initiate_command(const char *address, const tor_addr_t *_addr,
|
|||||||
if_modified_since, NULL);
|
if_modified_since, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Return non-zero iff a directory connection with purpose
|
||||||
|
* <b>dir_purpose</b> reveals sensitive information about a Tor
|
||||||
|
* instance's client activities. (Such connections must be performed
|
||||||
|
* through normal three-hop Tor circuits.) */
|
||||||
|
static int
|
||||||
|
is_sensitive_dir_purpose(uint8_t dir_purpose)
|
||||||
|
{
|
||||||
|
return ((dir_purpose == DIR_PURPOSE_FETCH_RENDDESC) ||
|
||||||
|
(dir_purpose == DIR_PURPOSE_HAS_FETCHED_RENDDESC) ||
|
||||||
|
(dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC) ||
|
||||||
|
(dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2) ||
|
||||||
|
(dir_purpose == DIR_PURPOSE_FETCH_RENDDESC_V2));
|
||||||
|
}
|
||||||
|
|
||||||
/** Same as directory_initiate_command(), but accepts rendezvous data to
|
/** Same as directory_initiate_command(), but accepts rendezvous data to
|
||||||
* fetch a hidden service descriptor. */
|
* fetch a hidden service descriptor. */
|
||||||
static void
|
static void
|
||||||
@ -892,6 +906,9 @@ directory_initiate_command_rend(const char *address, const tor_addr_t *_addr,
|
|||||||
|
|
||||||
log_debug(LD_DIR, "Initiating %s", dir_conn_purpose_to_string(dir_purpose));
|
log_debug(LD_DIR, "Initiating %s", dir_conn_purpose_to_string(dir_purpose));
|
||||||
|
|
||||||
|
tor_assert(!(is_sensitive_dir_purpose(dir_purpose) &&
|
||||||
|
!anonymized_connection));
|
||||||
|
|
||||||
/* ensure that we don't make direct connections when a SOCKS server is
|
/* ensure that we don't make direct connections when a SOCKS server is
|
||||||
* configured. */
|
* configured. */
|
||||||
if (!anonymized_connection && !use_begindir && !options->HTTPProxy &&
|
if (!anonymized_connection && !use_begindir && !options->HTTPProxy &&
|
||||||
|
@ -145,6 +145,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
|||||||
tor_assert(rendcirc->rend_data);
|
tor_assert(rendcirc->rend_data);
|
||||||
tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address,
|
tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address,
|
||||||
rendcirc->rend_data->onion_address));
|
rendcirc->rend_data->onion_address));
|
||||||
|
tor_assert(!(introcirc->build_state->onehop_tunnel));
|
||||||
|
tor_assert(!(rendcirc->build_state->onehop_tunnel));
|
||||||
|
|
||||||
if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
|
if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
|
||||||
&entry) < 1) {
|
&entry) < 1) {
|
||||||
@ -335,6 +337,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
|
|||||||
}
|
}
|
||||||
|
|
||||||
tor_assert(circ->build_state->chosen_exit);
|
tor_assert(circ->build_state->chosen_exit);
|
||||||
|
tor_assert(!(circ->build_state->onehop_tunnel));
|
||||||
tor_assert(circ->rend_data);
|
tor_assert(circ->rend_data);
|
||||||
|
|
||||||
if (request_len == 0) {
|
if (request_len == 0) {
|
||||||
@ -346,6 +349,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
|
|||||||
rendcirc = circuit_get_by_rend_query_and_purpose(
|
rendcirc = circuit_get_by_rend_query_and_purpose(
|
||||||
circ->rend_data->onion_address, CIRCUIT_PURPOSE_C_REND_READY);
|
circ->rend_data->onion_address, CIRCUIT_PURPOSE_C_REND_READY);
|
||||||
if (rendcirc) { /* remember the ack */
|
if (rendcirc) { /* remember the ack */
|
||||||
|
tor_assert(!(rendcirc->build_state->onehop_tunnel));
|
||||||
rendcirc->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED;
|
rendcirc->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED;
|
||||||
/* Set timestamp_dirty, because circuit_expire_building expects
|
/* Set timestamp_dirty, because circuit_expire_building expects
|
||||||
* it to specify when a circuit entered the
|
* it to specify when a circuit entered the
|
||||||
|
@ -905,6 +905,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
|
|||||||
time_t *access_time;
|
time_t *access_time;
|
||||||
const or_options_t *options = get_options();
|
const or_options_t *options = get_options();
|
||||||
|
|
||||||
|
tor_assert(!(circuit->build_state->onehop_tunnel));
|
||||||
tor_assert(circuit->rend_data);
|
tor_assert(circuit->rend_data);
|
||||||
|
|
||||||
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
|
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
|
||||||
@ -1359,6 +1360,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
|
|||||||
crypto_pk_env_t *intro_key;
|
crypto_pk_env_t *intro_key;
|
||||||
|
|
||||||
tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
|
tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
|
||||||
|
tor_assert(!(circuit->build_state->onehop_tunnel));
|
||||||
tor_assert(circuit->cpath);
|
tor_assert(circuit->cpath);
|
||||||
tor_assert(circuit->rend_data);
|
tor_assert(circuit->rend_data);
|
||||||
|
|
||||||
@ -1501,6 +1503,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
|
|||||||
tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
|
tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
|
||||||
tor_assert(circuit->cpath);
|
tor_assert(circuit->cpath);
|
||||||
tor_assert(circuit->build_state);
|
tor_assert(circuit->build_state);
|
||||||
|
tor_assert(!(circuit->build_state->onehop_tunnel));
|
||||||
tor_assert(circuit->rend_data);
|
tor_assert(circuit->rend_data);
|
||||||
hop = circuit->build_state->pending_final_cpath;
|
hop = circuit->build_state->pending_final_cpath;
|
||||||
tor_assert(hop);
|
tor_assert(hop);
|
||||||
|
Loading…
Reference in New Issue
Block a user