Commit Graph

28168 Commits

Author SHA1 Message Date
Nick Mathewson
240bb17714 uint breaks compilation on windows 2018-05-22 12:54:05 -04:00
Nick Mathewson
074b182baa version bump to 0.3.3.6 2018-05-22 12:40:18 -04:00
Isis Lovecruft
569b4e57e2 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:27:25 -04:00
Nick Mathewson
a3a8d80beb Merge branch 'trove-2018-005_032' into trove-2018-005_033 2018-05-22 12:27:15 -04:00
Nick Mathewson
d2bc019053 changes file for TROVE-2018-005 2018-05-22 12:26:23 -04:00
Nick Mathewson
bc2d6876b3 Add stdbool to protover.h. Only needed for the 032 backport 2018-05-22 12:15:52 -04:00
Isis Lovecruft
b681438daf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:13:41 -04:00
Isis Lovecruft
eb96692842 protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:12:01 -04:00
Nick Mathewson
6c35ad08cf Add a missing "return -1" when checking for Ed25519 ID loops
Fixes bug 26158; bugfix on 0.3.0.1-alpha.
2018-05-22 08:54:17 -04:00
Nick Mathewson
3d12663243 Fix a crash bug when testing reachability
Fixes bug 25415; bugfix on 0.3.3.2-alpha.
2018-05-22 08:35:37 -04:00
Nick Mathewson
3c4353179f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-16 12:11:45 -04:00
Nick Mathewson
8340f641c3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-16 12:11:45 -04:00
Nick Mathewson
d3a972561a Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-16 12:11:45 -04:00
Nick Mathewson
d1e4ffc710 Merge branch 'bug26072_029' into maint-0.2.9 2018-05-16 12:11:40 -04:00
Nick Mathewson
ddc3eb20b7 Merge branch 'bug26116_029' into bug26116_033 2018-05-16 11:43:53 -04:00
Nick Mathewson
881f7157f6 Return -1 from our PEM password callback
Apparently, contrary to its documentation, this is how OpenSSL now
wants us to report an error.

Fixes bug 26116; bugfix on 0.2.5.16.
2018-05-16 11:39:42 -04:00
Nick Mathewson
6acbd4c112 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-15 09:32:44 -04:00
Nick Mathewson
4aa3d511b2 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-15 09:32:44 -04:00
Nick Mathewson
502d2c0062 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-15 09:32:44 -04:00
Karsten Loesing
033e4723f3 Update geoip and geoip6 to the May 1 2018 database. 2018-05-15 15:20:09 +02:00
Nick Mathewson
5eb2d58880 Add a missing return after marking a stream for bad connected cell
Fixes bug 26072; bugfix on 0.2.4.7-alpha.
2018-05-14 15:54:48 -04:00
Nick Mathewson
b343ba9060 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 09:22:32 -04:00
Nick Mathewson
7ee67c47fa Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 09:22:32 -04:00
Nick Mathewson
2d61a83513 Merge remote-tracking branch 'dgoulet/bug26069_031_01' into maint-0.3.1 2018-05-10 09:22:14 -04:00
Nick Mathewson
f64fa6b19e Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 09:19:28 -04:00
Nick Mathewson
15b8c860d3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 09:19:28 -04:00
Nick Mathewson
ba70439210 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-10 09:19:28 -04:00
Nick Mathewson
edb6acf9ce Merge remote-tracking branch 'juga/ticket26007_029_02' into maint-0.2.9 2018-05-10 09:19:09 -04:00
David Goulet
6e99286d45 hs-v3: Add an extra white-space when parsing descriptor
The specification describes the signature token to be right after a newline
(\n) then the token "signature" and then a white-space followed by the encoded
signature.

This commit makes sure that when we parse the signature from the descriptor,
we are always looking for that extra white-space at the end of the token.

It will allow us also to support future fields that might start with
"signature".

Fixes #26069

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-10 09:16:50 -04:00
Nick Mathewson
59812789f7 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-10 08:03:04 -04:00
Nick Mathewson
e5acbbd16d Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-10 08:02:10 -04:00
Nick Mathewson
aa08c19703 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-10 08:00:35 -04:00
David Goulet
bca8a104b2 Having a ControlPort open doesn't mean we are a client
The any_client_port_set() returns true if the ControlPort is set which is
wrong because we can have that port open but still not behave as a tor client
(like many relays for instance).

Fixes #26062

Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-05-09 12:50:53 -04:00
juga0
dbdde76f56 Test read bandwidth measurements with empty file 2018-05-09 15:58:25 +00:00
Nick Mathewson
abde29824c Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-09 11:53:18 -04:00
Nick Mathewson
394f102ea6 Merge remote-tracking branch 'asn-github/bug25761_032' into maint-0.3.2 2018-05-09 11:53:15 -04:00
teor
867fe40f91 Stop logging stack contents when reading a zero-length bandwidth file
When directory authorities read a zero-byte bandwidth file, they log
a warning with the contents of an uninitialised buffer. Log a warning
about the empty file instead.

Fixes bug 26007; bugfix on 0.2.2.1-alpha.
2018-05-09 15:19:28 +00:00
Nick Mathewson
a639a67844 Merge branch 'libressl_201805_033' into maint-0.3.3 2018-05-09 08:25:32 -04:00
George Kadianakis
7e8c5e3662 Detect when v3 services get disabled after HUP.
Remove v3 optimization which made Tor not detect disabling services.

This optimization is not so needed because we only call that function after HUP
anyway.

Fixes bug #25761.
2018-05-09 11:25:00 +03:00
George Kadianakis
5dc00c0661 Detect when v2 services get disabled after HUP.
During service configuration, rend_service_prune_list_impl_() sets
rend_service_staging_list to NULL, which blocked pruning after a HUP.

This patch initializes rend_service_staging_list when needed, so that HUP can
detect disabled onion services.

Fixes bug #25761.
2018-05-09 11:25:00 +03:00
Roger Dingledine
b979415e8b manpage fix to stop saying CacheIPv4DNS is on by default
Stop saying in the manual that clients cache ipv4 dns answers from exit
relays. We haven't used them since 0.2.6.3-alpha, and in ticket 24050
we stopped even caching them as of 0.3.2.6-alpha, but we forgot to say
so in the man page.

Fixes bug 26052; bugfix on 0.3.2.6-alpha.
2018-05-08 13:13:45 -04:00
Nick Mathewson
46002aa691 Merge remote-tracking branch 'mikeperry/bug25733_029' into maint-0.3.3 2018-05-07 13:33:12 -04:00
Nick Mathewson
6361a250f0 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-03 13:38:54 -04:00
Nick Mathewson
be5b4415c2 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-03 13:38:54 -04:00
Nick Mathewson
4c6a407b9d Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-03 13:38:54 -04:00
Nick Mathewson
44626b37f6 Merge remote-tracking branch 'catalyst-github/bug25936-033' into maint-0.3.3 2018-05-03 13:38:51 -04:00
Nick Mathewson
726f238b72 Merge remote-tracking branch 'catalyst-github/bug25936-031' into maint-0.3.1 2018-05-03 13:38:46 -04:00
Nick Mathewson
5227754b2f Merge remote-tracking branch 'catalyst-github/bug25936-029' into maint-0.2.9 2018-05-03 13:38:37 -04:00
Nick Mathewson
1bbe75da6d Merge remote-tracking branch 'teor/bug25998' into maint-0.3.3 2018-05-03 13:37:33 -04:00
Nick Mathewson
246765342e Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-02 08:46:28 -04:00