mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 20:33:31 +01:00
Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Fixed trivial conflict due to headers moving into their own .h files from or.h. Conflicts: src/or/or.h
commit
e908e3a332
7
changes/check-fetched-rend-desc-service-id
Normal file
7
changes/check-fetched-rend-desc-service-id
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
o Security fixes:
|
||||||
|
- When fetching a hidden service descriptor, check that it is for
|
||||||
|
the hidden service we were trying to connect to, in order to
|
||||||
|
stop a directory from pre-seeding a client with a descriptor for
|
||||||
|
a hidden service that they didn't want. Bugfix on 0.0.6.
|
||||||
|
|
||||||
|
|
5
changes/check-public-key-exponents
Normal file
5
changes/check-public-key-exponents
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
o Minor bugfixes:
|
||||||
|
- Require that introduction point keys and onion keys have public
|
||||||
|
exponent 65537. Bugfix on 0.2.0.10-alpha.
|
||||||
|
|
||||||
|
|
@ -733,6 +733,18 @@ crypto_pk_key_is_private(const crypto_pk_env_t *key)
|
|||||||
return PRIVATE_KEY_OK(key);
|
return PRIVATE_KEY_OK(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Return true iff <b>env</b> contains a public key whose public exponent
|
||||||
|
* equals 65537.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
crypto_pk_public_exponent_ok(crypto_pk_env_t *env)
|
||||||
|
{
|
||||||
|
tor_assert(env);
|
||||||
|
tor_assert(env->key);
|
||||||
|
|
||||||
|
return BN_is_word(env->key->e, 65537);
|
||||||
|
}
|
||||||
|
|
||||||
/** Compare the public-key components of a and b. Return -1 if a\<b, 0
|
/** Compare the public-key components of a and b. Return -1 if a\<b, 0
|
||||||
* if a==b, and 1 if a\>b.
|
* if a==b, and 1 if a\>b.
|
||||||
*/
|
*/
|
||||||
|
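Review bot: `crypto_pk_public_exponent_ok()` takes a non-const `crypto_pk_env_t *env` although its body only reads `env->key->e`, while the neighbouring `crypto_pk_key_is_private(const crypto_pk_env_t *key)` shown in the hunk header is const-qualified. Declaring it as `int crypto_pk_public_exponent_ok(const crypto_pk_env_t *env)`, here and in the matching prototype, would let callers that hold a const key run the check. The doc comment could also say that a NULL `env` or `env->key` trips `tor_assert` rather than returning false, since the callers in this commit apply the function to keys parsed from descriptors.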
@ -122,6 +122,7 @@ size_t crypto_pk_keysize(crypto_pk_env_t *env);
|
|||||||
crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig);
|
crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig);
|
||||||
crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig);
|
crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig);
|
||||||
int crypto_pk_key_is_private(const crypto_pk_env_t *key);
|
int crypto_pk_key_is_private(const crypto_pk_env_t *key);
|
||||||
|
int crypto_pk_public_exponent_ok(crypto_pk_env_t *env);
|
||||||
|
|
||||||
int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen,
|
int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen,
|
||||||
const char *from, size_t fromlen, int padding);
|
const char *from, size_t fromlen, int padding);
|
||||||
|
@ -2003,7 +2003,8 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
|
|||||||
(int)body_len, status_code, escaped(reason));
|
(int)body_len, status_code, escaped(reason));
|
||||||
switch (status_code) {
|
switch (status_code) {
|
||||||
case 200:
|
case 200:
|
||||||
if (rend_cache_store(body, body_len, 0) < -1) {
|
if (rend_cache_store(body, body_len, 0,
|
||||||
|
conn->rend_data->onion_address) < -1) {
|
||||||
log_warn(LD_REND,"Failed to parse rendezvous descriptor.");
|
log_warn(LD_REND,"Failed to parse rendezvous descriptor.");
|
||||||
/* Any pending rendezvous attempts will notice when
|
/* Any pending rendezvous attempts will notice when
|
||||||
* connection_about_to_close_connection()
|
* connection_about_to_close_connection()
|
||||||
@ -3271,7 +3272,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
|
|||||||
!strcmpstart(url,"/tor/rendezvous/publish")) {
|
!strcmpstart(url,"/tor/rendezvous/publish")) {
|
||||||
/* rendezvous descriptor post */
|
/* rendezvous descriptor post */
|
||||||
log_info(LD_REND, "Handling rendezvous descriptor post.");
|
log_info(LD_REND, "Handling rendezvous descriptor post.");
|
||||||
if (rend_cache_store(body, body_len, 1) < 0) {
|
if (rend_cache_store(body, body_len, 1, NULL) < 0) {
|
||||||
log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV,
|
log_fn(LOG_PROTOCOL_WARN, LD_DIRSERV,
|
||||||
"Rejected rend descriptor (length %d) from %s.",
|
"Rejected rend descriptor (length %d) from %s.",
|
||||||
(int)body_len, conn->_base.address);
|
(int)body_len, conn->_base.address);
|
||||||
|
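Review bot: The new fourth argument dereferences `conn->rend_data` in the `case 200:` branch with no NULL check visible in this hunk. connection_dir_client_reached_eof() starts outside the hunk, so an earlier guarantee may exist; if it does not, `tor_assert(conn->rend_data);` before the call would make the precondition explicit. Separately, `rend_cache_store()` now also returns -2 for a service-ID mismatch, so the warning `"Failed to parse rendezvous descriptor."` no longer describes every rejection that reaches it. Wording such as `"Failed to parse or accept rendezvous descriptor."` would keep the log accurate for anyone triaging a misbehaving directory.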
@ -1015,9 +1015,14 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
|
|||||||
*
|
*
|
||||||
* The published flag tells us if we store the descriptor
|
* The published flag tells us if we store the descriptor
|
||||||
* in our role as directory (1) or if we cache it as client (0).
|
* in our role as directory (1) or if we cache it as client (0).
|
||||||
|
*
|
||||||
|
* If <b>service_id</b> is non-NULL and the descriptor is not for that
|
||||||
|
* service ID, reject it. <b>service_id</b> must be specified if and
|
||||||
|
* only if <b>published</b> is 0 (we fetched this descriptor).
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
rend_cache_store(const char *desc, size_t desc_len, int published)
|
rend_cache_store(const char *desc, size_t desc_len, int published,
|
||||||
|
const char *service_id)
|
||||||
{
|
{
|
||||||
rend_cache_entry_t *e;
|
rend_cache_entry_t *e;
|
||||||
rend_service_descriptor_t *parsed;
|
rend_service_descriptor_t *parsed;
|
||||||
@ -1035,6 +1040,12 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
|
|||||||
rend_service_descriptor_free(parsed);
|
rend_service_descriptor_free(parsed);
|
||||||
return -2;
|
return -2;
|
||||||
}
|
}
|
||||||
|
if ((service_id != NULL) && strcmp(query, service_id)) {
|
||||||
|
log_warn(LD_REND, "Received service descriptor for service ID %s; "
|
||||||
|
"expected descriptor for service ID %s.",
|
||||||
|
query, safe_str(service_id));
|
||||||
|
return -2;
|
||||||
|
}
|
||||||
now = time(NULL);
|
now = time(NULL);
|
||||||
if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
|
if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
|
||||||
log_fn(LOG_PROTOCOL_WARN, LD_REND,
|
log_fn(LOG_PROTOCOL_WARN, LD_REND,
|
||||||
@ -1215,6 +1226,8 @@ rend_cache_store_v2_desc_as_dir(const char *desc)
|
|||||||
* If we have an older descriptor with the same ID, replace it.
|
* If we have an older descriptor with the same ID, replace it.
|
||||||
* If we have any v0 descriptor with the same ID, reject this one in order
|
* If we have any v0 descriptor with the same ID, reject this one in order
|
||||||
* to not get confused with having both versions for the same service.
|
* to not get confused with having both versions for the same service.
|
||||||
|
* If the descriptor's service ID does not match
|
||||||
|
* <b>rend_query</b>-\>onion_address, reject it.
|
||||||
* Return -2 if it's malformed or otherwise rejected; return -1 if we
|
* Return -2 if it's malformed or otherwise rejected; return -1 if we
|
||||||
* already have a v0 descriptor here; return 0 if it's the same or older
|
* already have a v0 descriptor here; return 0 if it's the same or older
|
||||||
* than one we've already got; return 1 if it's novel.
|
* than one we've already got; return 1 if it's novel.
|
||||||
@ -1265,6 +1278,13 @@ rend_cache_store_v2_desc_as_client(const char *desc,
|
|||||||
retval = -2;
|
retval = -2;
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
if (strcmp(rend_query->onion_address, service_id)) {
|
||||||
|
log_warn(LD_REND, "Received service descriptor for service ID %s; "
|
||||||
|
"expected descriptor for service ID %s.",
|
||||||
|
service_id, safe_str(rend_query->onion_address));
|
||||||
|
retval = -2;
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
/* Decode/decrypt introduction points. */
|
/* Decode/decrypt introduction points. */
|
||||||
if (intro_content) {
|
if (intro_content) {
|
||||||
if (rend_query->auth_type != REND_NO_AUTH &&
|
if (rend_query->auth_type != REND_NO_AUTH &&
|
||||||
|
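Review bot: The new mismatch branch in `rend_cache_store()` returns -2 without releasing `parsed`, whereas the rejection path directly above it calls `rend_service_descriptor_free(parsed);` before its own `return -2;`. The directory chooses which descriptor it returns, so this branch can be reached repeatedly and appears to leak one parsed descriptor per mismatched reply; adding `rend_service_descriptor_free(parsed);` before the new `return -2;` would close that. The function body begins and continues outside the hunk, so confirm that nothing else owns `parsed` at that point. The updated doc comment says `service_id` must be given if and only if `published` is 0, but nothing visible enforces it, so a caller passing NULL with `published == 0` would silently skip the check.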
@ -44,7 +44,8 @@ int rend_cache_lookup_desc(const char *query, int version, const char **desc,
|
|||||||
int rend_cache_lookup_entry(const char *query, int version,
|
int rend_cache_lookup_entry(const char *query, int version,
|
||||||
rend_cache_entry_t **entry_out);
|
rend_cache_entry_t **entry_out);
|
||||||
int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc);
|
int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc);
|
||||||
int rend_cache_store(const char *desc, size_t desc_len, int published);
|
int rend_cache_store(const char *desc, size_t desc_len, int published,
|
||||||
|
const char *service_id);
|
||||||
int rend_cache_store_v2_desc_as_client(const char *desc,
|
int rend_cache_store_v2_desc_as_client(const char *desc,
|
||||||
const rend_data_t *rend_query);
|
const rend_data_t *rend_query);
|
||||||
int rend_cache_store_v2_desc_as_dir(const char *desc);
|
int rend_cache_store_v2_desc_as_dir(const char *desc);
|
||||||
|
@ -1462,6 +1462,11 @@ router_parse_entry_from_string(const char *s, const char *end,
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
tok = find_by_keyword(tokens, K_ONION_KEY);
|
tok = find_by_keyword(tokens, K_ONION_KEY);
|
||||||
|
if (!crypto_pk_public_exponent_ok(tok->key)) {
|
||||||
|
log_warn(LD_DIR,
|
||||||
|
"Relay's onion key had invalid exponent.");
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
router->onion_pkey = tok->key;
|
router->onion_pkey = tok->key;
|
||||||
tok->key = NULL; /* Prevent free */
|
tok->key = NULL; /* Prevent free */
|
||||||
|
|
||||||
@ -4982,10 +4987,22 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed,
|
|||||||
}
|
}
|
||||||
/* Parse onion key. */
|
/* Parse onion key. */
|
||||||
tok = find_by_keyword(tokens, R_IPO_ONION_KEY);
|
tok = find_by_keyword(tokens, R_IPO_ONION_KEY);
|
||||||
|
if (!crypto_pk_public_exponent_ok(tok->key)) {
|
||||||
|
log_warn(LD_REND,
|
||||||
|
"Introduction point's onion key had invalid exponent.");
|
||||||
|
rend_intro_point_free(intro);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
info->onion_key = tok->key;
|
info->onion_key = tok->key;
|
||||||
tok->key = NULL; /* Prevent free */
|
tok->key = NULL; /* Prevent free */
|
||||||
/* Parse service key. */
|
/* Parse service key. */
|
||||||
tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY);
|
tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY);
|
||||||
|
if (!crypto_pk_public_exponent_ok(tok->key)) {
|
||||||
|
log_warn(LD_REND,
|
||||||
|
"Introduction point key had invalid exponent.");
|
||||||
|
rend_intro_point_free(intro);
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
intro->intro_key = tok->key;
|
intro->intro_key = tok->key;
|
||||||
tok->key = NULL; /* Prevent free */
|
tok->key = NULL; /* Prevent free */
|
||||||
/* Add extend info to list of introduction points. */
|
/* Add extend info to list of introduction points. */
|
||||||
|
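Review bot: All three new checks pass `tok->key` straight into `crypto_pk_public_exponent_ok()`, which asserts on a NULL `env` or `env->key` instead of returning false, so a keyless token would abort the process rather than reject the descriptor. Whether the token tables guarantee a key for `K_ONION_KEY`, `R_IPO_ONION_KEY` and `R_IPO_SERVICE_KEY` is not visible here, and both functions begin and end outside these hunks. If the guarantee exists, a short comment at the first check, for example `/* token table requires a key, so tok->key is non-NULL */`, would record it. If it does not, `if (!tok->key || !crypto_pk_public_exponent_ok(tok->key)) {` keeps malformed network input on the existing `goto err` path.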