The only way to figure out that posting a vote or signatures to another
dirauth failed is by counting how many success messages there are on
notice level, and noticing that it is fewer than the number of
configured dirauths.
Closes#40910.
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to easier database queries
combining Tor documents in which the relays fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Closes#40891
We strongly suspect that bug 40897 was caused by a custom Tor client that
tried to use more than the default number of conflux circuits, for either
performance or traffic analysis defense gains, or both.
This entity hit a safety check on the exit side, which caused a UAF. Our
"belt and suspenders" snapped off, and hit us in the face... again...
Since there are good reasons to try more than 2 conflux legs, and research has
found some traffic analysis benefits with as many as 5, we're going to raise
and parameterize this limit as a form of bug bounty for finding this UAF, so
that this entity can try out a little more confluxing.
This should also make it easier for researchers to try things like gathering
traces with larger amounts of confluxing than normal, to measure real-world
traffic analysis impacts of conflux.
Shine on, you yoloing anonymous diamond. Let us know if you find out anything
interesting!
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set which leading to this assert.
This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.
This fixes TROVE-2023-006 for which its severity is considered high.
Signed-off-by: David Goulet <dgoulet@torproject.org>
This has been misspelled when using consensus method 31 or later
since 0.4.6.1-alpha. Fixes bug 40869.
This commit is a backport of b9b0abd6c2 to 0.4.8.