Commit Graph

28636 Commits

Author SHA1 Message Date
Nick Mathewson
6442417fde fix wide lines 2018-05-22 12:32:00 -04:00
Nick Mathewson
e5541996b7 changes file for TROVE-2018-005 2018-05-22 12:29:14 -04:00
Isis Lovecruft
3283619acf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:28:33 -04:00
Isis Lovecruft
701c2b69f5 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
056be68b1b protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Nick Mathewson
add00045aa Merge branch 'bug26101_26102' 2018-05-22 08:42:04 -04:00
Nick Mathewson
87a7748a84 remove already-merged changes file 2018-05-22 08:36:03 -04:00
Nick Mathewson
d2aefffe2f Merge branch 'maint-0.3.3' 2018-05-22 08:35:41 -04:00
Nick Mathewson
3d12663243 Fix a crash bug when testing reachability
Fixes bug 25415; bugfix on 0.3.3.2-alpha.
2018-05-22 08:35:37 -04:00
Nick Mathewson
943291d7ae Whoops -- add an entry I missed to the 0.3.4.1-alpha changelog 2018-05-17 12:47:06 -04:00
Nick Mathewson
3b42b14979 bump to 0.3.4.1-alpha-dev 2018-05-17 09:44:31 -04:00
Nick Mathewson
deb8970a29 increment changelog date 2018-05-17 09:01:14 -04:00
Nick Mathewson
5dbf70f903 Bump version to 0.3.4.1-alpha; contemplate a release 2018-05-16 14:40:28 -04:00
Nick Mathewson
2b0aab7a6e Add comments explaining when a connected cell has an UNSPEC addr
Should prevent other bugs like 26117.
2018-05-16 14:12:50 -04:00
Nick Mathewson
3c4353179f Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-16 12:11:45 -04:00
Nick Mathewson
8340f641c3 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-16 12:11:45 -04:00
Nick Mathewson
d3a972561a Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-16 12:11:45 -04:00
Nick Mathewson
d1e4ffc710 Merge branch 'bug26072_029' into maint-0.2.9 2018-05-16 12:11:40 -04:00
Mike Perry
d0b1157fc1 Bug 26117: Move CIRC_BW field accounting.
Previously, we used the AF_UNSPEC check to represent valid connected cell
data as a result of the lack of return. This was incorrect.
2018-05-15 18:58:24 +00:00
Nick Mathewson
fcfa22d80a Merge branch 'maint-0.3.3' 2018-05-16 12:11:46 -04:00
Nick Mathewson
4a5c1584fe update tor-rust-dependencies submodule 2018-05-16 09:16:47 -04:00
Nick Mathewson
1442e818b6 Merge remote-tracking branch 'isis-github/bug26106' 2018-05-16 09:16:04 -04:00
Nick Mathewson
e5974e5158 Merge remote-tracking branch 'isis-github/bug26108' 2018-05-16 09:14:13 -04:00
Nick Mathewson
2d2cfbcd81 Merge remote-tracking branch 'isis-github/bug26109' 2018-05-16 09:13:27 -04:00
Nick Mathewson
7f37ba825f reflow the blurb. 2018-05-16 09:06:43 -04:00
Nick Mathewson
d194f2130d move a changelog entry and try writing a blurb 2018-05-16 09:05:47 -04:00
Nick Mathewson
ff01471ce7 fix some changelog typos that Catalyst found. 2018-05-15 19:40:46 -04:00
Isis Lovecruft
4d349c6a61
rust: Update rand_core dependency to 0.2.0-pre.0. 2018-05-15 19:33:20 +00:00
Isis Lovecruft
760cf8e28f
rust: Update rand dev-dependency to 0.5.0-pre.2. 2018-05-15 19:31:29 +00:00
Nick Mathewson
72e1f19249 various changelog edits 2018-05-15 15:06:43 -04:00
Isis Lovecruft
4c21d41407
rust: Export digests subcrate from our crypto crate. 2018-05-15 18:05:52 +00:00
Isis Lovecruft
d9c877a6e5
rust: Export crypto_rand::* functions from our external crate. 2018-05-15 18:03:18 +00:00
Isis Lovecruft
9988882c63
rust: Move rand crate into crypto parent crate. 2018-05-15 17:48:57 +00:00
Isis Lovecruft
2ac849da36
rust: Make Rng::new() methods public. 2018-05-15 17:45:09 +00:00
Nick Mathewson
c0eaaf403b run format-changelog 2018-05-15 12:34:12 -04:00
Nick Mathewson
e811bac837 use sortChanges to begin an 0.3.4.1-alpha changelog 2018-05-15 12:31:16 -04:00
Nick Mathewson
98aff146d3 Merge branch 'maint-0.3.3' 2018-05-15 09:32:45 -04:00
Nick Mathewson
6acbd4c112 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-15 09:32:44 -04:00
Nick Mathewson
4aa3d511b2 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-15 09:32:44 -04:00
Nick Mathewson
502d2c0062 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-15 09:32:44 -04:00
Karsten Loesing
033e4723f3 Update geoip and geoip6 to the May 1 2018 database. 2018-05-15 15:20:09 +02:00
Nick Mathewson
db94d7fed2 Update cov-diff to handle new gcov, and remove timestamps
The new gcov sometimes emits *s if there is a line containing
multiple basic blocks, and some are not executed.  (The gcov
documentation says something weird about this point, so I'm trying
to interpret it into the compilerese that I'm familiar with.)
That's bug 26101.

Also, when we're looking for unique variations in our coverage, we
would like cov-diff to suppress timestamps on the diffs.  That's bug
26102.

Both of these are bugfixes on 0.2.5.1-alpha when the cov-diff script
was introduced.

My apologies for the perl.
2018-05-14 18:04:10 -04:00
Nick Mathewson
5eb2d58880 Add a missing return after marking a stream for bad connected cell
Fixes bug 26072; bugfix on 0.2.4.7-alpha.
2018-05-14 15:54:48 -04:00
Nick Mathewson
a394a2dd86 Merge branch 'bug25903_v5_squashed' 2018-05-14 14:25:07 -04:00
Mike Perry
fd504587d5 Bug 25903: Tests 2018-05-14 14:24:58 -04:00
Nick Mathewson
a9ef335c1b Use router_get_my_routerinfo_with_err to implement the old version
Having one function implemented in terms of the other should keep
them from diverging.

follow-up on #25852
2018-05-14 14:12:36 -04:00
Nick Mathewson
d27fd7ff6b Merge remote-tracking branch 'rl1987/bug25852_take2' 2018-05-14 14:05:50 -04:00
Nick Mathewson
aab626405c Merge remote-tracking branch 'catalyst-github/bug25756' 2018-05-11 18:15:43 -04:00
Nick Mathewson
b3e591dca1 improve a URL 2018-05-11 18:00:30 -04:00
Nick Mathewson
cbb13df808 Merge branch 'contributing' 2018-05-11 17:59:09 -04:00