mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
mirror repository of the tor core protocol in case of issues
056be68b1b
In protover.c, the `expand_protocol_list()` function expands a `smartlist_t` of `proto_entry_t`s to their protocol name concatenated with each version number. For example, given a `proto_entry_t` like so: proto_entry_t *proto = tor_malloc(sizeof(proto_entry_t)); proto_range_t *range = tor_malloc_zero(sizeof(proto_range_t)); proto->name = tor_strdup("DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa"); proto->ranges = smartlist_new(); range->low = 1; range->high = 65536; smartlist_add(proto->ranges, range); (Where `[19KB]` is roughly 19KB of `"a"` bytes.) This would expand in `expand_protocol_list()` to a `smartlist_t` containing 65536 copies of the string, e.g.: "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=1" "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=2" […] "DoSaaaaaaaaaaaaaaaaaaaaaa[19KB]aaa=65535" Thus constituting a potential resource exhaustion attack. The Rust implementation is not subject to this attack, because it instead expands the above string into a `HashMap<String, HashSet<u32>` prior to #24031, and a `HashMap<UnvalidatedProtocol, ProtoSet>` after). Neither Rust version is subject to this attack, because it only stores the `String` once per protocol. (Although a related, but apparently of too minor impact to be usable, DoS bug has been fixed in #24031. [0]) [0]: https://bugs.torproject.org/24031 * ADDS hard limit on protocol name lengths in protover.c and checks in parse_single_entry() and expand_protocol_list(). * ADDS tests to ensure the bug is caught. * FIXES #25517: https://bugs.torproject.org/25517 |
||
---|---|---|
changes | ||
contrib | ||
doc | ||
m4 | ||
scripts | ||
src | ||
.gitignore | ||
.gitlab-ci.yml | ||
.gitmodules | ||
.travis.yml | ||
acinclude.m4 | ||
autogen.sh | ||
ChangeLog | ||
configure.ac | ||
CONTRIBUTING | ||
Doxyfile.in | ||
INSTALL | ||
LICENSE | ||
Makefile.am | ||
Makefile.nmake | ||
README | ||
ReleaseNotes |
Tor protects your privacy on the internet by hiding the connection between your Internet address and the services you use. We believe Tor is reasonably secure, but please ensure you read the instructions and configure it properly. To build Tor from source: ./configure && make && make install To build Tor from a just-cloned git repository: sh autogen.sh && ./configure && make && make install Home page: https://www.torproject.org/ Download new versions: https://www.torproject.org/download/download.html Documentation, including links to installation and setup instructions: https://www.torproject.org/docs/documentation.html Making applications work with Tor: https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO Frequently Asked Questions: https://www.torproject.org/docs/faq.html To get started working on Tor development: See the doc/HACKING directory. Release timeline: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases