Commit Graph

28678 Commits

Author SHA1 Message Date
Nick Mathewson
aff49cc52d Merge branch 'maint-0.3.3' 2018-05-27 10:04:42 -04:00
Nick Mathewson
fa1890e97f Merge remote-tracking branch 'public/bug25691_033_again_squashed' into maint-0.3.3 2018-05-27 10:03:11 -04:00
Nick Mathewson
f42739e746 Merge branch 'maint-0.3.3' 2018-05-24 09:40:06 -04:00
Nick Mathewson
0ef432d457 Merge branch 'maint-0.3.2' into maint-0.3.3 2018-05-24 09:40:06 -04:00
Nick Mathewson
3f3739c6e0 Merge branch 'maint-0.3.1' into maint-0.3.2 2018-05-24 09:40:06 -04:00
Nick Mathewson
f48fb8a720 Merge branch 'maint-0.2.9' into maint-0.3.1 2018-05-24 09:40:06 -04:00
Nick Mathewson
c000763f1e Merge branch 'bug26116_033' into maint-0.3.3 2018-05-24 09:40:00 -04:00
Nick Mathewson
c380562aed Merge branch 'bug26116_029' into maint-0.2.9 2018-05-24 09:39:46 -04:00
Nick Mathewson
aeb4be1d5a Add a unit test for PEM-encrypted documents. 2018-05-24 09:36:33 -04:00
Nick Mathewson
7fb941e9f2 Merge branch 'appveyor_min_034_v2' 2018-05-23 15:08:50 -04:00
Nick Mathewson
36a107855b Merge branch 'bug26156_034' 2018-05-23 09:08:57 -04:00
Nick Mathewson
ff27b7ce60 Update version to 0.3.3.6-dev 2018-05-22 18:05:28 -04:00
Roger Dingledine
68680a2391 remove the now-duplicate 0.3.3.6 stanzas 2018-05-22 18:03:25 -04:00
Nick Mathewson
c5c227e140 copy changelog and releasenotes from 0.3.3.6 2018-05-22 18:07:10 -04:00
Nick Mathewson
e185cac6f6 Merge branch 'maint-0.3.3'
"ours" merge to avoid version bump.
2018-05-22 18:05:42 -04:00
Roger Dingledine
5b1f330766 forward-port all those changelog changes 2018-05-22 16:17:56 -04:00
Roger Dingledine
123f8a18f2 reorder 0.3.3.3-alpha changelog
(it came out before 0.3.2.10, because 0.3.2.10 has backports from it)
2018-05-22 14:34:53 -04:00
Nick Mathewson
38f8b3c63d Merge branch 'maint-0.3.3' 2018-05-22 14:13:28 -04:00
Nick Mathewson
80d673ccea Merge branch 'trove-2018-005_032' into maint-0.3.3 2018-05-22 14:13:23 -04:00
Nick Mathewson
7483aef896 avoid a signed/unsigned comparison. 2018-05-22 14:12:44 -04:00
Nick Mathewson
cde5c9d0c3 Merge branch 'maint-0.3.3' 2018-05-22 13:35:33 -04:00
Nick Mathewson
a5d4ce2b39 Make the TROVE-2018-005 fix work with rust. 2018-05-22 13:35:20 -04:00
Nick Mathewson
b858f576c3 Merge branch 'maint-0.3.3' 2018-05-22 12:54:31 -04:00
Nick Mathewson
6e8e005b53 Merge branch 'trove-2018-005_032' into maint-0.3.3 2018-05-22 12:54:26 -04:00
Nick Mathewson
240bb17714 uint breaks compilation on windows 2018-05-22 12:54:05 -04:00
Nick Mathewson
740b8bb79c Merge branch 'maint-0.3.3'
"ours" merge to avoid version bump
2018-05-22 12:40:40 -04:00
Nick Mathewson
074b182baa version bump to 0.3.3.6 2018-05-22 12:40:18 -04:00
Nick Mathewson
a789578889 Merge branch 'trove-2018-005_034' 2018-05-22 12:33:49 -04:00
Nick Mathewson
1afdb5b6cc Merge branch 'maint-0.3.3'
"Ours" merge to avoid the maint-0.3.3 version of the TROVE-2018-005
fix, which touches the files in their old locations.
2018-05-22 12:33:09 -04:00
Nick Mathewson
6442417fde fix wide lines 2018-05-22 12:32:00 -04:00
Nick Mathewson
e5541996b7 changes file for TROVE-2018-005 2018-05-22 12:29:14 -04:00
Isis Lovecruft
3283619acf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:28:33 -04:00
Isis Lovecruft
701c2b69f5 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
056be68b1b protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
Isis Lovecruft
569b4e57e2 rust: Mirror TROVE-2018-005 fix in Rust protover implementation.
* REFACTORS `UnvalidatedProtoEntry::from_str` to place the bulk of the
   splitting/parsing logic in to a new
   `UnvalidatedProtoEntry::parse_protocol_and_version_str()` method (so that
   both `from_str()` and `from_str_any_len()` can call it.)
 * ADD a new `UnvalidatedProtoEntry::from_str_any_len()` method in order to
   maintain compatibility with consensus methods older than 29.
 * ADD a limit on the number of characters in a protocol name.
 * FIXES part of #25517: https://bugs.torproject.org/25517
2018-05-22 12:27:25 -04:00
Nick Mathewson
a3a8d80beb Merge branch 'trove-2018-005_032' into trove-2018-005_033 2018-05-22 12:27:15 -04:00
Nick Mathewson
d2bc019053 changes file for TROVE-2018-005 2018-05-22 12:26:23 -04:00
Nick Mathewson
bc2d6876b3 Add stdbool to protover.h. Only needed for the 032 backport 2018-05-22 12:15:52 -04:00
Isis Lovecruft
b681438daf vote: TROVE-2018-005 Make DirAuths omit misbehaving routers from their vote. 2018-05-22 12:13:41 -04:00
Isis Lovecruft
eb96692842 protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:12:01 -04:00
Nick Mathewson
48d752407b Add a missing include to get the declaration of OPENSSL_1_1_API
Apparently, even though I had tested on OpenSSL 1.1.1 with
no-deprecated, OpenSSL 1.1.0 is different enough that I should have
tested with that as well.

Fixes bug 26156; bugfix on 0.3.4.1-alpha where we first declared
support for this configuration.
2018-05-22 10:05:27 -04:00
Nick Mathewson
e053c71e3e Merge branch 'appveyor_min_029_v2' into appveyor_min_034_v2 2018-05-22 09:57:12 -04:00
Nick Mathewson
0c81bdc9ef changes file for appveyor support 2018-05-22 09:56:33 -04:00
Nick Mathewson
406366c540 Appveyor configuration files.
Original by Marcin Cieślak, with modifications from Isis Lovecruft
and Nick Mathewson.
2018-05-22 09:56:33 -04:00
Nick Mathewson
add00045aa Merge branch 'bug26101_26102' 2018-05-22 08:42:04 -04:00
Nick Mathewson
87a7748a84 remove already-merged changes file 2018-05-22 08:36:03 -04:00
Nick Mathewson
d2aefffe2f Merge branch 'maint-0.3.3' 2018-05-22 08:35:41 -04:00
Nick Mathewson
3d12663243 Fix a crash bug when testing reachability
Fixes bug 25415; bugfix on 0.3.3.2-alpha.
2018-05-22 08:35:37 -04:00
Nick Mathewson
459ab3650c Python script for IRC notifications from appveyor
Original by Christopher Wood, with modifications by nexB, Isis
Lovecruft, and Marcin Cieślak.
2018-05-21 17:01:11 -04:00
Nick Mathewson
943291d7ae Whoops -- add an entry I missed to the 0.3.4.1-alpha changelog 2018-05-17 12:47:06 -04:00