mirror of https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-20 13:06:20 +02:00
mirror repository of the tor core protocol in case of issues
a94ce25277
This is a fix for a very rare buffer overflow in hashx, specific to the dynamic compiler on aarch64 platforms.

In practice this issue is extremely unlikely to hit randomly, and it's only been seen in unit tests that supply unusual mock PRNG output to the program generator. My best attempt at estimating the probability of hitting the overflow randomly is about 10^-23. Crafting an input with the intent to overflow can be done only as fast as an exhaustive search, so long as Blake2B is unbroken.

The root cause is that hashx writes assembly code without any length checks, and it uses an estimated size rather than an absolute maximum size to allocate the buffer for compiled code. Some instructions are much longer than others, especially on aarch64. The length of the overflow is nearly 300 bytes in the worst synthetic test cases I've developed so far.

Overflow occurs during hashx_make(), and the subsequent hashx_exec() will always SIGSEGV as the written code crosses outside the region that's been marked executable. In typical use, hashx_exec() is called immediately after hashx_make().

This fix increases the buffer size from 1 page to 2 pages on aarch64, adds an analysis of the compiled code size, and adds runtime checks so we can gracefully fail on overflow. It also adds a unit test (written in Rust) that includes a PRNG sequence exercising the overflow. Without this patch the unit test shows a SIGSEGV on aarch64, with this patch it runs successfully and matches interpreter output.

Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
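The failure mode this commit message describes (code emitted without length checks into a buffer sized from an estimate) and the shape of the fix (a worst-case-sized buffer plus a runtime check that fails gracefully), shown as an added example that is not hashx code and not part of the commit. The instruction lengths, buffer sizes and every name below are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Illustrative names and a constructed toy encoding; none of this is hashx code. */
enum { SHORT_LEN = 4, LONG_LEN = 20, PROG_LEN = 8 };
#define ESTIMATED_CAP (PROG_LEN * 8)         /* sized from a "typical" instruction */
#define WORST_CASE_CAP (PROG_LEN * LONG_LEN) /* absolute maximum for any program */

typedef struct {
    uint8_t *buf;
    size_t cap, pos;
    bool overflow; /* sticky: once set, later writes are dropped */
} emitter;

/* Every write goes through this check, so the cursor can never pass cap. */
static void emit(emitter *e, const uint8_t *bytes, size_t len) {
    if (e->overflow || len > e->cap - e->pos) {
        e->overflow = true;
        return;
    }
    memcpy(e->buf + e->pos, bytes, len);
    e->pos += len;
}

/* Returns false instead of writing past the buffer when it is too small. */
bool compile(const uint8_t *prog, size_t n, uint8_t *out, size_t cap, size_t *len) {
    uint8_t code[LONG_LEN];
    emitter e = { out, cap, 0, false };
    memset(code, 0xAA, sizeof code);
    for (size_t i = 0; i < n; i++)
        emit(&e, code, prog[i] ? LONG_LEN : SHORT_LEN);
    *len = e.pos;
    return !e.overflow;
}

/* Compiles an all-long program (the unlucky case) into cap bytes.
 * Returns 1 on success, 0 on graceful failure, -1 if guard bytes past cap changed. */
int run_worst_program(size_t cap) {
    uint8_t prog[PROG_LEN], mem[WORST_CASE_CAP + 16];
    size_t len = 0;
    memset(prog, 1, sizeof prog);
    memset(mem, 0x5C, sizeof mem);
    bool ok = compile(prog, PROG_LEN, mem, cap, &len);
    for (size_t i = cap; i < sizeof mem; i++)
        if (mem[i] != 0x5C) return -1;
    return ok ? 1 : 0;
}

int main(void) { return run_worst_program(ESTIMATED_CAP) == 0 ? 0 : 1; }
```

With the estimate-sized buffer the unlucky program is rejected cleanly and the guard bytes stay untouched; with the worst-case size the same program compiles.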
.gitlab/issue_templates
changes
contrib
doc
m4
scripts
src
.appveyor.yml
.clang-format
.editorconfig
.gitignore
.gitlab-ci.yml
.travis.yml
acinclude.m4
autogen.sh
Cargo.toml
ChangeLog
CODE_OF_CONDUCT
configure.ac
CONTRIBUTING
Doxyfile.in
INSTALL
LICENSE
Makefile.am
README.md
ReleaseNotes
warning_flags.in
Tor protects your privacy on the internet by hiding the connection between your Internet address and the services you use. We believe Tor is reasonably secure, but please ensure you read the instructions and configure it properly.
Build
To build Tor from source:
./configure
make
make install
To build Tor from a just-cloned git repository:
./autogen.sh
./configure
make
make install
Releases
The tarballs, checksums and signatures can be found here: https://dist.torproject.org
- Checksum: <tarball-name>.sha256sum
- Signatures: <tarball-name>.sha256sum.asc
Schedule
You can find our release schedule here:
Keys that CAN sign a release
The following keys belong to the maintainers of this repository. One or more of these keys may sign a release; do NOT expect all of them to sign:
- Alexander Færøy: 514102454D0A87DB0767A1EBBE6A0531C18A9179
- David Goulet: B74417EDDF22AC9F9E90F49142E86A2A11F48D36
- Nick Mathewson: 2133BC600AB133E1D826D173FE43009C4607B1FB
Development
See our hacking documentation in doc/HACKING/.
Resources
Home page:
Download new versions:
Documentation, including links to installation and setup instructions:
Frequently Asked Questions: