Commit Graph

38910 Commits

Author SHA1 Message Date
Mike Perry
97b4264f39 Bug 40897: Changes file 2023-12-07 18:54:51 +00:00
Mike Perry
cc52f7e5b7 Bug 40897 Bug Bounty: Double the number of max conflux circs
We strongly suspect that bug 40897 was caused by a custom Tor client that
tried to use more than the default number of conflux circuits, for either
performance or traffic analysis defense gains, or both.

This entity hit a safety check on the exit side, which caused a UAF. Our
"belt and suspenders" snapped off, and hit us in the face... again...

Since there are good reasons to try more than 2 conflux legs, and research has
found some traffic analysis benefits with as many as 5, we're going to raise
and parameterize this limit as a form of bug bounty for finding this UAF, so
that this entity can try out a little more confluxing.

This should also make it easier for researchers to try things like gathering
traces with larger amounts of confluxing than normal, to measure real-world
traffic analysis impacts of conflux.

Shine on, you yoloing anonymous diamond. Let us know if you find out anything
interesting!
2023-12-07 18:37:30 +00:00
Mike Perry
03778a0f34 Bug 40897: Add more checks to free paths
Similar double-frees would be caught earlier by these, so long as the pointers
remain nulled out.
2023-12-07 18:37:30 +00:00
Mike Perry
d02eb4502a Bug 40897: Move safety check to proper location and give it error handling. 2023-12-07 18:37:26 +00:00
trinity-1686a
1291d2fca7 update changes file with correct introduced version 2023-12-06 17:42:41 +01:00
Tor CI Release
c97d0b46d1 version: Bump version to 0.4.8.9-dev 2023-11-09 10:10:33 -05:00
Tor CI Release
b9283067ca version: Bump version to 0.4.8.9 2023-11-09 09:41:10 -05:00
Tor CI Release
825aa705b1 fallbackdir: Update list generated on November 09, 2023 2023-11-09 09:23:59 -05:00
Tor CI Release
f822f24599 Update geoip files to match ipfire location db, 2023/11/09. 2023-11-09 09:23:54 -05:00
David Goulet
be751a46e3 Merge branch 'ticket40883_048_01' into maint-0.4.8 2023-11-09 09:14:19 -05:00
David Goulet
6df27ae953 Merge branch 'tor-gitlab/mr/778' into maint-0.4.8 2023-11-09 09:10:52 -05:00
David Goulet
83aecca561 hs: Always check if the hs_ident is available when processing a cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-08 11:17:48 -05:00
David Goulet
e62b8bce5a hs: Fix assert in hs_metrics_update_by_ident()
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set, which led to this assert.

This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.

This fixes TROVE-2023-006 for which its severity is considered high.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-07 13:50:28 -05:00
Tor CI Release
c7d8501da8 version: Bump version to 0.4.8.8-dev 2023-11-03 10:54:00 -04:00
David Goulet
3737585a54 Merge branch 'maint-0.4.7' into maint-0.4.8 2023-11-03 10:53:57 -04:00
Tor CI Release
7c354390f9 version: Bump version to 0.4.7.16-dev 2023-11-03 10:51:10 -04:00
Tor CI Release
f1df34193b Update geoip files to match ipfire location db, 2023/11/03. 2023-11-03 09:38:29 -04:00
Tor CI Release
ea6d6568e7 fallbackdir: Update list generated on November 03, 2023 2023-11-03 09:38:21 -04:00
David Goulet
f15408f487 Merge branch 'maint-0.4.7' into maint-0.4.8 2023-11-03 09:28:37 -04:00
Tor CI Release
3e82c462ef version: Bump version to 0.4.8.8 2023-11-03 09:27:51 -04:00
Tor CI Release
3eb98d91e9 version: Bump version to 0.4.7.16 2023-11-03 09:27:38 -04:00
Tor CI Release
6901949d38 fallbackdir: Update list generated on November 03, 2023 2023-11-03 09:25:34 -04:00
Tor CI Release
ee152a421e Update geoip files to match ipfire location db, 2023/11/03. 2023-11-03 09:25:28 -04:00
David Goulet
a231461ad3 Merge branch 'maint-0.4.7' into maint-0.4.8 2023-11-03 09:13:11 -04:00
David Goulet
4ce54614dd Sync geoip and fallbackdir from maint 048 before release
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-03 09:13:05 -04:00
David Goulet
24dc829b9a Merge branch 'maint-0.4.7' into maint-0.4.8 2023-11-03 09:04:27 -04:00
Alexander Færøy
7aa496a2e0 Fix TROVE-2023-004: Remote crash when compiled against OpenSSL
Fixes #40874

Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-03 08:52:38 -04:00
Mike Perry
d4d78f5033 Bug 40876 changes file 2023-11-01 19:57:08 +00:00
Mike Perry
6bfadc7a5d Bug 40876: Extra logging 2023-11-01 19:57:08 +00:00
Mike Perry
d7f14a54fb Bug 40876: Don't reduce primary list for temporary restrictions 2023-11-01 19:57:07 +00:00
Mike Perry
09685fa038 Changes file for bug 40878 2023-10-30 16:55:11 +00:00
Mike Perry
d9e7759088 Bug 40878: Count a valid conflux linked cell as valid data
For vanguards addon.
2023-10-30 16:54:49 +00:00
trinity-1686a
d4f32c83b5 add change file 2023-10-12 18:46:20 +02:00
trinity-1686a
efc7159e08 fix bridge transport statistics 2023-10-12 18:44:54 +02:00
David Goulet
660f4b8f4a configure: Bump version to 0.4.8.8-dev
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-10-12 12:40:49 -04:00
David Goulet
aa5e8510a3 Merge branch 'bug40869_048' into 'maint-0.4.8'
Fix the spelling of maxunmeasur(e)dbw (backport to 0.4.8)

See merge request tpo/core/tor!774
2023-10-11 18:51:44 +00:00
Nick Mathewson
8c22fd4a4d Fix the spelling of maxunmeasur(e)dbw.
This has been misspelled when using consensus method 31 or later
since 0.4.6.1-alpha.  Fixes bug 40869.

This commit is a backport of b9b0abd6c2 to 0.4.8.
2023-10-11 10:08:53 -04:00
David Goulet
c11ba9dea8 version: Bump version to 0.4.8.7-dev
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-09-25 10:44:06 -04:00
Tor CI Release
edf395ecf6 version: Bump version to 0.4.8.7 2023-09-25 09:58:15 -04:00
Tor CI Release
f55e344601 fallbackdir: Update list generated on September 25, 2023 2023-09-25 09:51:25 -04:00
Tor CI Release
7675bd9be9 Update geoip files to match ipfire location db, 2023/09/25. 2023-09-25 09:51:25 -04:00
Mike Perry
4dda47839c Changes file for bug40862 2023-09-21 00:08:01 +00:00
Mike Perry
d499de5813 Bug 40862: Check if circuits are unused more ways 2023-09-20 23:35:36 +00:00
Tor CI Release
03a31dbb68 version: Bump version to 0.4.8.6-dev 2023-09-18 10:57:55 -04:00
David Goulet
e71aa6153b Merge branch 'maint-0.4.7' into maint-0.4.8 2023-09-18 10:57:45 -04:00
Tor CI Release
d7777c121c version: Bump version to 0.4.7.15-dev 2023-09-18 10:57:35 -04:00
Tor CI Release
99c55f52e7 version: Bump version to 0.4.8.6 2023-09-18 10:05:42 -04:00
David Goulet
aebfbcc530 Merge branch 'maint-0.4.7' into maint-0.4.8 2023-09-18 10:05:33 -04:00
Tor CI Release
69fdf36dd1 version: Bump version to 0.4.7.15 2023-09-18 10:05:23 -04:00
David Goulet
62c0f9ec79 Merge branch 'maint-0.4.7' into maint-0.4.8 2023-09-18 09:51:59 -04:00