mirror repository of the tor core protocol in case of issues
Go to file
Isis Lovecruft 056be68b1b protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing.
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of
`proto_entry_t`s to their protocol name concatenated with each version number.
For example, given a `proto_entry_t` like so:

    proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t));
    proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t));

    proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa");
    proto->ranges = smartlist_new();

    range->low = 1;
    range->high = 65536;

    smartlist_add(proto->ranges, range);

(Where `[19KB]` is roughly 19KB of `"a"` bytes.)  This would expand in
`expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the
string, e.g.:

    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1"
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2"
    […]
    "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535"

Thus constituting a potential resource exhaustion attack.

The Rust implementation is not subject to this attack, because it instead
expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031,
and a `HashMap<UnvalidatedProtocol, ProtoSet>` after).  Neither Rust version is
subject to this attack, because it only stores the `String` once per protocol.
(Although a related, but apparently of too minor impact to be usable, DoS bug
has been fixed in #24031. [0])

[0]: https://bugs.torproject.org/24031

 * ADDS hard limit on protocol name lengths in protover.c and checks in
   parse_single_entry() and expand_protocol_list().
 * ADDS tests to ensure the bug is caught.
 * FIXES #25517: https://bugs.torproject.org/25517
2018-05-22 12:28:33 -04:00
changes Merge branch 'bug26101_26102' 2018-05-22 08:42:04 -04:00
contrib bump to 0.3.4.1-alpha-dev 2018-05-17 09:44:31 -04:00
doc Add a CONTRIBUTING file 2018-05-11 13:19:37 -04:00
m4 Replace obsolete macros with modern equivalents 2016-12-23 10:34:11 -05:00
scripts Update cov-diff to handle new gcov, and remove timestamps 2018-05-14 18:04:10 -04:00
src protover: TROVE-2018-005 Fix potential DoS in protover protocol parsing. 2018-05-22 12:28:33 -04:00
.gitignore Merge branch 'maint-0.3.2' 2017-12-13 12:07:46 -05:00
.gitlab-ci.yml Fix spelling mistakes corresponding to ticket #23650 2018-02-07 10:41:57 -05:00
.gitmodules Update the .gitmodules to refer to project-level tor-rust-dependencies 2018-02-21 11:53:04 -05:00
.travis.yml Merge branch 'maint-0.3.3' 2018-05-03 13:38:54 -04:00
acinclude.m4 Run the copyright update script. 2017-03-15 16:13:17 -04:00
autogen.sh Report errors when updating configuration files 2016-12-23 10:35:26 -05:00
ChangeLog Whoops -- add an entry I missed to the 0.3.4.1-alpha changelog 2018-05-17 12:47:06 -04:00
configure.ac bump to 0.3.4.1-alpha-dev 2018-05-17 09:44:31 -04:00
CONTRIBUTING improve a URL 2018-05-11 18:00:30 -04:00
Doxyfile.in doxygen says these options are obsolete 2016-10-24 10:31:05 -04:00
INSTALL Small fixes for the 2702 implementation 2011-04-02 12:15:08 +02:00
LICENSE Run the copyright update script. 2017-03-15 16:13:17 -04:00
Makefile.am Add a CONTRIBUTING file 2018-05-11 13:19:37 -04:00
Makefile.nmake Clean up the MVSC nmake files so they work again. 2014-09-09 10:27:05 -04:00
README doc: Put the release timeline link in README 2017-11-08 10:44:00 -05:00
ReleaseNotes Copy changelog and releasenotes entries from today's releases. 2018-03-03 07:58:12 -05:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

To build Tor from a just-cloned git repository:
        sh autogen.sh && ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/docs/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/docs/faq.html


To get started working on Tor development:
        See the doc/HACKING directory.

Release timeline:
         https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases