mirror repository of the tor core protocol in case of issues
Micah Elizabeth Scott a94ce25277 hashx: Fix rare compiler output overflow on aarch64
This is a fix for a very rare buffer overflow in hashx, specific to the
dynamic compiler on aarch64 platforms.

In practice this issue is extremely unlikely to hit randomly, and it's
only been seen in unit tests that supply unusual mock PRNG output to the
program generator. My best attempt at estimating the probability of
hitting the overflow randomly is about 10^-23. Crafting an input with
the intent to overflow can be done only as fast as an exhaustive search,
so long as Blake2B is unbroken.

The root cause is that hashx writes assembly code without any length
checks, and it uses an estimated size rather than an absolute maximum
size to allocate the buffer for compiled code. Some instructions are
much longer than others, especially on aarch64.

The length of the overflow is nearly 300 bytes in the worst synthetic
test cases I've developed so far. Overflow occurs during hashx_make(),
and the subsequent hashx_exec() will always SIGSEGV as the written code
crosses outside the region that's been marked executable. In typical use,
hashx_exec() is called immediately after hashx_make().

This fix increases the buffer size from 1 page to 2 pages on aarch64,
adds an analysis of the compiled code size, and adds runtime checks so we
can gracefully fail on overflow. It also adds a unit test (written in
Rust) that includes a PRNG sequence exercising the overflow. Without
this patch the unit test shows a SIGSEGV on aarch64; with this patch it
runs successfully and matches interpreter output.

Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
2023-08-11 15:05:11 -07:00
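
The commit message above names two mitigations: sizing the output buffer from an absolute maximum rather than an estimate, and runtime length checks that fail gracefully. The following C example is added here to show that pattern; it is not code from the commit or from HashX. The names `emitter`, `emit`, `compile_program` and `worst_case_size` and the instruction lengths are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed encodings: two hypothetical instruction kinds whose machine-code
 * lengths differ widely. These are not HashX's real instruction sizes. */
enum { OP_SHORT = 0, OP_LONG = 1, OP_KINDS = 2 };
static const size_t ENC_LEN[OP_KINDS] = { 4, 20 };
#define MAX_ENC_LEN 20 /* absolute maximum for one instruction */

typedef struct { uint8_t *buf; size_t cap, pos; int overflow; } emitter;

/* Append n bytes only if they fit; otherwise set a sticky overflow flag
 * and write nothing, now or on any later call. */
static void emit(emitter *e, const uint8_t *src, size_t n) {
    if (e->overflow || n > e->cap - e->pos) { e->overflow = 1; return; }
    memcpy(e->buf + e->pos, src, n);
    e->pos += n;
}

/* Size that fits any program of `count` instructions (not an estimate). */
size_t worst_case_size(size_t count) { return count * MAX_ENC_LEN; }

/* Returns bytes written, or -1 on overflow or a bad opcode so the caller
 * can fail gracefully instead of executing truncated code. */
long compile_program(const int *ops, size_t count, uint8_t *buf, size_t cap) {
    static const uint8_t placeholder[MAX_ENC_LEN] = { 0 }; /* stand-in bytes */
    emitter e = { buf, cap, 0, 0 };
    for (size_t i = 0; i < count; i++) {
        if (ops[i] < 0 || ops[i] >= OP_KINDS) return -1;
        emit(&e, placeholder, ENC_LEN[ops[i]]);
    }
    return e.overflow ? -1 : (long)e.pos;
}

int main(void) {
    int typical[8] = { 0, 0, 0, 1, 0, 0, 0, 0 }; /* constructed inputs */
    int worst[8]   = { 1, 1, 1, 1, 1, 1, 1, 1 };
    uint8_t code[160];
    /* 64 bytes is an "estimated" size: enough for typical, not for worst. */
    printf("typical/64:  %ld\n", compile_program(typical, 8, code, 64));
    printf("worst/64:    %ld\n", compile_program(worst, 8, code, 64));
    printf("worst/%zu: %ld\n", worst_case_size(8),
           compile_program(worst, 8, code, worst_case_size(8)));
    return 0;
}
```

With the estimated 64-byte capacity the all-long program is rejected before any byte lands past the buffer; with the worst-case capacity it compiles in full.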
.gitlab/issue_templates Remove Proposal.md. 2021-02-12 20:39:48 +00:00
changes release: ChangeLog update for 0.4.8.3-rc 2023-08-04 10:11:44 -04:00
contrib version: Bump version to 0.4.8.3-rc-dev 2023-08-04 10:44:28 -04:00
doc Include a basic Rust wrapper for Equi-X and HashX 2023-07-26 12:27:15 -07:00
m4 added check for compiler support of Wextra-semi 2022-11-01 15:32:43 -06:00
scripts geoip: Fix cargo target directory 2023-08-04 10:04:36 -04:00
src hashx: Fix rare compiler output overflow on aarch64 2023-08-11 15:05:11 -07:00
.appveyor.yml CI: Remove VS2015 AppVeyor build 2020-08-12 14:09:32 +03:00
.clang-format Add a dire warning about not reformatting the whole codebase yet. 2020-02-12 18:52:35 -05:00
.editorconfig Add .editorconfig to follow coding standards style 2018-06-17 19:24:40 -04:00
.gitignore geoip: Fix cargo target directory 2023-08-04 10:04:36 -04:00
.gitlab-ci.yml ci: Move tag to the x86-64 template 2023-08-02 13:30:28 -04:00
.travis.yml rust: Remove Rust support from tree 2021-10-06 15:12:04 -04:00
acinclude.m4 m4: Change LIBS order of TOR_SEARCH_LIBRARY() 2021-01-13 09:52:10 -05:00
autogen.sh Cleanup shellcheck warnings in autogen.sh 2019-01-18 13:49:30 +02:00
Cargo.toml cargo: Add geoip db tool to top level workspace 2023-08-04 09:55:26 -04:00
ChangeLog release: ChangeLog update for 0.4.8.3-rc 2023-08-04 10:11:44 -04:00
CODE_OF_CONDUCT Add CODE_OF_CONDUCT file 2018-07-05 11:22:33 +03:00
configure.ac version: Bump version to 0.4.8.3-rc-dev 2023-08-04 10:44:28 -04:00
CONTRIBUTING improve a URL 2018-05-11 18:00:30 -04:00
Doxyfile.in Remove last artifacts of Rust related code 2021-10-06 15:12:04 -04:00
INSTALL Remove old instructions from INSTALL 2018-07-03 16:34:52 +03:00
LICENSE Merge branch 'maint-0.3.5' into maint-0.4.4 2021-03-12 11:36:34 -05:00
Makefile.am Merge branch 'maint-0.4.7' 2023-06-19 08:09:45 -04:00
README.md readme: Fix sentence in Releases section 2022-03-09 14:13:34 -05:00
ReleaseNotes changelog: Update with latest releases 2023-01-12 12:11:16 -05:00
warning_flags.in Try @warning_flags to avoid bloating verbose make logs 2018-12-21 10:00:23 -05:00

Tor protects your privacy on the internet by hiding the connection between your Internet address and the services you use. We believe Tor is reasonably secure, but please ensure you read the instructions and configure it properly.

Build

To build Tor from source:

./configure
make
make install

To build Tor from a just-cloned git repository:

./autogen.sh
./configure
make
make install

Releases

The tarballs, checksums and signatures can be found here: https://dist.torproject.org

  • Checksum: <tarball-name>.sha256sum
  • Signatures: <tarball-name>.sha256sum.asc

Schedule

You can find our release schedule here:

Keys that CAN sign a release

The following keys belong to the maintainers of this repository. One or more of these keys can sign a release; do NOT expect all of them to sign:

Development

See our hacking documentation in doc/HACKING/.

Resources

Home page:

Download new versions:

Documentation, including links to installation and setup instructions:

Frequently Asked Questions: