nihilist/tor: mirror repository of the tor core protocol in case of issues - tor

mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00

mirror repository of the tor core protocol in case of issues

Go to file

David Goulet ae6430818e addr: Missing AF family to index conversion When accessing the last_resolved_address cache we always need to convert the AF family value to an index value else we are out of bound and thus overflowing if we write to it. This fix is on code that has not been released. GeKo reported the following libasan crash using Tor Browser alpha with tor 0.4.5.0-alpha-dev (`3c884bc9e0`): ==4240==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55888490e388 at pc 0x5588842cc216 bp 0x7ffc8c421b00 sp 0x7ffc8c421af8 READ of size 2 at 0x55888490e388 thread T0 #0 0x5588842cc215 in tor_addr_compare_masked (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x5a6215) #1 0x558884203210 in is_local_to_resolve_addr (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x4dd210) #2 0x558883f7e252 in channel_tls_connect (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x258252) #3 0x558883f87ff7 in channel_connect_for_circuit (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x261ff7) #4 0x558883f8bc90 in circuit_handle_first_hop (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x265c90) #5 0x558883f8c891 in circuit_establish_circuit (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x266891) #6 0x558883fc3bbc in circuit_launch_by_extend_info (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x29dbbc) #7 0x558883fc5900 (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x29f900) #8 0x558883fc6988 in connection_ap_handshake_attach_circuit (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2a0988) #9 0x558883fd0d3f in connection_ap_attach_pending (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2aad3f) #10 0x7f4d50110885 (TorBrowser/Tor/libevent-2.1.so.7+0x22885) #11 0x7f4d501110de in event_base_loop (TorBrowser/Tor/libevent-2.1.so.7+0x230de) #12 0x558883f69b3c in do_main_loop (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x243b3c) #13 0x558883f3f70c in tor_run_main (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x21970c) #14 0x558883f3c2f7 in tor_main (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x2162f7) #15 0x558883f3531b in main (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x20f31b) #16 0x7f4d4f76acc9 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26cc9) #17 0x558883f3ba00 (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x215a00) 0x55888490e388 is located 24 bytes to the left of global variable 'state_mgr' defined in 'src/app/config/statefile.c:184:22' (0x55888490e3a0) of size 8 0x55888490e388 is located 32 bytes to the right of global variable 'global_state' defined in 'src/app/config/statefile.c:204:20' (0x55888490e360) of size 8 SUMMARY: AddressSanitizer: global-buffer-overflow (/home/thomas/Arbeit/Tor/tor-browser-build/tor-browser_en-US/Browser/TorBrowser/Tor/tor+0x5a6215) in tor_addr_compare_masked Shadow bytes around the buggy address: 0x0ab190919c20: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 0x0ab190919c30: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9 0x0ab190919c40: f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 0x0ab190919c50: 00 00 00 04 f9 f9 f9 f9 00 00 00 00 00 00 00 04 0x0ab190919c60: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 =>0x0ab190919c70: f9[f9]f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 0x0ab190919c80: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 0x0ab190919c90: 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 0x0ab190919ca0: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 0x0ab190919cb0: 01 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 0x0ab190919cc0: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==4240==ABORTING Signed-off-by: David Goulet <dgoulet@torproject.org>		2020-09-03 16:07:19 +00:00
changes	Merge remote-tracking branch 'tor-gitlab/mr/136'	2020-08-26 22:15:04 +00:00
contrib	Bump to 0.4.4.4-rc-dev	2020-08-13 09:43:54 -04:00
doc	Revise trac.torproject.org urls to refer to gitlab replacements.	2020-08-14 09:21:28 -04:00
m4	Bug 31812: Change http URL's to https	2020-07-13 10:42:46 -04:00
scripts	ci: Add tracing build to Gitlab CI	2020-08-25 10:38:48 -04:00
src	addr: Missing AF family to index conversion	2020-09-03 16:07:19 +00:00
.appveyor.yml	CI: Remove VS2015 AppVeyor build	2020-08-12 14:09:32 +03:00
.clang-format	Add a dire warning about not reformatting the whole codebase yet.	2020-02-12 18:52:35 -05:00
.editorconfig	Add .editorconfig to follow coding standards style	2018-06-17 19:24:40 -04:00
.gitignore	doc: Move manpages into doc/man/	2020-07-14 09:02:03 -04:00
.gitlab-ci.yml	ci: Add tracing build to Gitlab CI	2020-08-25 10:38:48 -04:00
.gitmodules	Update the .gitmodules to refer to project-level tor-rust-dependencies	2018-02-21 11:53:04 -05:00
.travis.yml	Add test for torrc %include functionality and seccomp sandbox	2020-07-15 22:01:08 +01:00
acinclude.m4	Bump copyright date to 2019	2019-01-16 12:33:22 -05:00
autogen.sh	Cleanup shellcheck warnings in autogen.sh	2019-01-18 13:49:30 +02:00
ChangeLog	copy forward the changelog from 0.4.4.3-alpha	2020-07-27 19:16:15 -04:00
CODE_OF_CONDUCT	Add CODE_OF_CONDUCT file	2018-07-05 11:22:33 +03:00
config.rust.in	Make the rust tests link.	2018-07-31 19:46:00 -04:00
configure.ac	Bump to 0.4.4.4-rc-dev	2020-08-13 09:43:54 -04:00
CONTRIBUTING	Add CODE_OF_CONDUCT file	2018-07-05 11:22:33 +03:00
Doxyfile.in	Add correct exclusions to Doxyfile.in.	2020-07-07 10:24:24 -04:00
INSTALL	Remove old instructions from INSTALL	2018-07-03 16:34:52 +03:00
LICENSE	clarify that tor's license is free software	2019-08-23 21:52:33 -04:00
Makefile.am	Merge branch 'maint-0.4.2' into maint-0.4.3	2020-08-12 12:29:17 -04:00
Makefile.nmake	Clean up the MVSC nmake files so they work again.	2014-09-09 10:27:05 -04:00
README	Use correct URL for CoreTorReleases in README.	2020-08-11 18:43:33 -04:00
ReleaseNotes	copy changelogs and releasenotes for today's releases	2020-07-09 10:25:36 -04:00
warning_flags.in	Try @warning_flags to avoid bloating verbose make logs	2018-12-21 10:00:23 -05:00

README

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

To build Tor from a just-cloned git repository:
        sh autogen.sh && ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/docs/documentation.html

Making applications work with Tor:
        https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/docs/faq.html

Release timeline:
        https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorReleases

To get started working on Tor development:
        See the doc/HACKING directory.