Mike Perry
97b4264f39
Bug 40897: Changes file
2023-12-07 18:54:51 +00:00
Mike Perry
cc52f7e5b7
Bug 40897 Bug Bounty: Double the number of max conflux circs
...
We strongly suspect that bug 40897 was caused by a custom Tor client that
tried to use more than the default number of conflux circuits, for either
performance or traffic analysis defense gains, or both.
This entity hit a safety check on the exit side, which caused a UAF. Our
"belt and suspenders" snapped off, and hit us in the face... again...
Since there are good reasons to try more than 2 conflux legs, and research has
found some traffic analysis benefits with as many as 5, we're going to raise
and parameterize this limit as a form of bug bounty for finding this UAF, so
that this entity can try out a little more confluxing.
This should also make it easier for researchers to try things like gathering
traces with larger amounts of confluxing than normal, to measure real-world
traffic analysis impacts of conflux.
Shine on, you yoloing anonymous diamond. Let us know if you find out anything
interesting!
2023-12-07 18:37:30 +00:00
Mike Perry
03778a0f34
Bug 40897: Add more checks to free paths
...
Similar double-frees would be caught earlier by these, so long as the pointers
remain nulled out.
2023-12-07 18:37:30 +00:00
Mike Perry
d02eb4502a
Bug 40897: Move safety check to proper location and give it error handling.
2023-12-07 18:37:26 +00:00
trinity-1686a
1291d2fca7
update changes file with correct introduced version
2023-12-06 17:42:41 +01:00
Tor CI Release
c97d0b46d1
version: Bump version to 0.4.8.9-dev
2023-11-09 10:10:33 -05:00
Tor CI Release
b9283067ca
version: Bump version to 0.4.8.9
2023-11-09 09:41:10 -05:00
Tor CI Release
825aa705b1
fallbackdir: Update list generated on November 09, 2023
2023-11-09 09:23:59 -05:00
Tor CI Release
f822f24599
Update geoip files to match ipfire location db, 2023/11/09.
2023-11-09 09:23:54 -05:00
David Goulet
be751a46e3
Merge branch 'ticket40883_048_01' into maint-0.4.8
2023-11-09 09:14:19 -05:00
David Goulet
6df27ae953
Merge branch 'tor-gitlab/mr/778' into maint-0.4.8
2023-11-09 09:10:52 -05:00
David Goulet
83aecca561
hs: Always check if the hs_ident is available when processing a cell
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-08 11:17:48 -05:00
David Goulet
e62b8bce5a
hs: Fix assert in hs_metrics_update_by_ident()
...
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set which leading to this assert.
This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.
This fixes TROVE-2023-006 for which its severity is considered high.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-07 13:50:28 -05:00
Tor CI Release
c7d8501da8
version: Bump version to 0.4.8.8-dev
2023-11-03 10:54:00 -04:00
David Goulet
3737585a54
Merge branch 'maint-0.4.7' into maint-0.4.8
2023-11-03 10:53:57 -04:00
Tor CI Release
7c354390f9
version: Bump version to 0.4.7.16-dev
2023-11-03 10:51:10 -04:00
Tor CI Release
f1df34193b
Update geoip files to match ipfire location db, 2023/11/03.
2023-11-03 09:38:29 -04:00
Tor CI Release
ea6d6568e7
fallbackdir: Update list generated on November 03, 2023
2023-11-03 09:38:21 -04:00
David Goulet
f15408f487
Merge branch 'maint-0.4.7' into maint-0.4.8
2023-11-03 09:28:37 -04:00
Tor CI Release
3e82c462ef
version: Bump version to 0.4.8.8
2023-11-03 09:27:51 -04:00
Tor CI Release
3eb98d91e9
version: Bump version to 0.4.7.16
2023-11-03 09:27:38 -04:00
Tor CI Release
6901949d38
fallbackdir: Update list generated on November 03, 2023
2023-11-03 09:25:34 -04:00
Tor CI Release
ee152a421e
Update geoip files to match ipfire location db, 2023/11/03.
2023-11-03 09:25:28 -04:00
David Goulet
a231461ad3
Merge branch 'maint-0.4.7' into maint-0.4.8
2023-11-03 09:13:11 -04:00
David Goulet
4ce54614dd
Sync geoip and fallbackdir from maint 048 before release
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-03 09:13:05 -04:00
David Goulet
24dc829b9a
Merge branch 'maint-0.4.7' into maint-0.4.8
2023-11-03 09:04:27 -04:00
Alexander Færøy
7aa496a2e0
Fix TROVE-2023-004: Remote crash when compiled against OpenSSL
...
Fixes #40874
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-11-03 08:52:38 -04:00
Mike Perry
d4d78f5033
Bug 40876 changes file
2023-11-01 19:57:08 +00:00
Mike Perry
6bfadc7a5d
Bug 40876: Extra logging
2023-11-01 19:57:08 +00:00
Mike Perry
d7f14a54fb
Bug 40876: Don't reduce primary list for temporary restrictions
2023-11-01 19:57:07 +00:00
Mike Perry
09685fa038
Changes file for bug 40878
2023-10-30 16:55:11 +00:00
Mike Perry
d9e7759088
Bug 40878: Count a valid conflux linked cell as valid data
...
For vanguards addon.
2023-10-30 16:54:49 +00:00
trinity-1686a
d4f32c83b5
add change file
2023-10-12 18:46:20 +02:00
trinity-1686a
efc7159e08
fix bridge transport statistics
2023-10-12 18:44:54 +02:00
David Goulet
660f4b8f4a
configure: Bump version to 0.4.8.8-dev
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-10-12 12:40:49 -04:00
David Goulet
aa5e8510a3
Merge branch 'bug40869_048' into 'maint-0.4.8'
...
Fix the spelling of maxunmeasur(e)dbw (backport to 0.4.8)
See merge request tpo/core/tor!774
2023-10-11 18:51:44 +00:00
Nick Mathewson
8c22fd4a4d
Fix the spelling of maxunmeasur(e)dbw.
...
This has been misspelled when using consensus method 31 or later
since 0.4.6.1-alpha. Fixes bug 40869.
This commit is a backport of b9b0abd6c2
to 0.4.8.
2023-10-11 10:08:53 -04:00
David Goulet
c11ba9dea8
version: Bump version to 0.4.8.7-dev
...
Signed-off-by: David Goulet <dgoulet@torproject.org>
2023-09-25 10:44:06 -04:00
Tor CI Release
edf395ecf6
version: Bump version to 0.4.8.7
2023-09-25 09:58:15 -04:00
Tor CI Release
f55e344601
fallbackdir: Update list generated on September 25, 2023
2023-09-25 09:51:25 -04:00
Tor CI Release
7675bd9be9
Update geoip files to match ipfire location db, 2023/09/25.
2023-09-25 09:51:25 -04:00
Mike Perry
4dda47839c
Changes file for bug40862
2023-09-21 00:08:01 +00:00
Mike Perry
d499de5813
Bug 40862: Check if circuits are unused more ways
2023-09-20 23:35:36 +00:00
Tor CI Release
03a31dbb68
version: Bump version to 0.4.8.6-dev
2023-09-18 10:57:55 -04:00
David Goulet
e71aa6153b
Merge branch 'maint-0.4.7' into maint-0.4.8
2023-09-18 10:57:45 -04:00
Tor CI Release
d7777c121c
version: Bump version to 0.4.7.15-dev
2023-09-18 10:57:35 -04:00
Tor CI Release
99c55f52e7
version: Bump version to 0.4.8.6
2023-09-18 10:05:42 -04:00
David Goulet
aebfbcc530
Merge branch 'maint-0.4.7' into maint-0.4.8
2023-09-18 10:05:33 -04:00
Tor CI Release
69fdf36dd1
version: Bump version to 0.4.7.15
2023-09-18 10:05:23 -04:00
David Goulet
62c0f9ec79
Merge branch 'maint-0.4.7' into maint-0.4.8
2023-09-18 09:51:59 -04:00