summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2016-09-06 19:14:02 -0400
committerNick Mathewson <nickm@torproject.org>2016-09-06 19:14:02 -0400
commitaf58a89b86c462a23e39ba60b04812fd23734e1b (patch)
tree8ef750f1f4a85bf94ac68d981a4e6258ded9f711
parent43092e21c1874086076aa910fc2cba843bcaed39 (diff)
parent0a3009bb85d5675e1565020de08df1081e52253c (diff)
downloadtor-af58a89b86c462a23e39ba60b04812fd23734e1b.tar.gz
tor-af58a89b86c462a23e39ba60b04812fd23734e1b.zip
Merge remote-tracking branch 'teor/bug20012'
-rw-r--r--changes/bug2001212
-rw-r--r--src/or/rendclient.c41
2 files changed, 20 insertions, 33 deletions
diff --git a/changes/bug20012 b/changes/bug20012
new file mode 100644
index 0000000000..f67ee65867
--- /dev/null
+++ b/changes/bug20012
@@ -0,0 +1,12 @@
+ o Major bugfixes (hidden services):
+ - Clients require hidden services to include the TAP keys
+ for their intro points in the hidden service descriptor.
+ This prevents an inadvertent upgrade to ntor, which a
+ malicious hidden service could use to discover which
+ consensus a client has.
+ Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
+ o Minor bugfixes (hidden services):
+ - Stop logging intro point details to the client log on
+ certain error conditions.
+ Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha.
+ Patch by teor.
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 3a742fec0a..263dd3d876 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -1373,40 +1373,15 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
smartlist_del(usable_nodes, i);
goto again;
}
- /* Do we need to look up the router or is the extend info complete? */
+ /* All version 2 HS descriptors come with a TAP onion key.
+ * Clients used to try to get the TAP onion key from the consensus, but this
+ * meant that hidden services could discover which consensus clients have. */
if (!extend_info_supports_tap(intro->extend_info)) {
- const node_t *node;
- extend_info_t *new_extend_info;
- if (tor_digest_is_zero(intro->extend_info->identity_digest))
- node = node_get_by_hex_id(intro->extend_info->nickname);
- else
- node = node_get_by_id(intro->extend_info->identity_digest);
- if (!node) {
- log_info(LD_REND, "Unknown router with nickname '%s'; trying another.",
- intro->extend_info->nickname);
- smartlist_del(usable_nodes, i);
- goto again;
- }
-#ifdef ENABLE_TOR2WEB_MODE
- new_extend_info = extend_info_from_node(node, options->Tor2webMode);
-#else
- new_extend_info = extend_info_from_node(node, 0);
-#endif
- if (!new_extend_info) {
- const char *alternate_reason = "";
-#ifdef ENABLE_TOR2WEB_MODE
- alternate_reason = ", or we cannot connect directly to it";
-#endif
- log_info(LD_REND, "We don't have a descriptor for the intro-point relay "
- "'%s'%s; trying another.",
- extend_info_describe(intro->extend_info), alternate_reason);
- smartlist_del(usable_nodes, i);
- goto again;
- } else {
- extend_info_free(intro->extend_info);
- intro->extend_info = new_extend_info;
- }
- tor_assert(intro->extend_info != NULL);
+ log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the "
+ "intro-point relay '%s'; trying another.",
+ safe_str_client(extend_info_describe(intro->extend_info)));
+ smartlist_del(usable_nodes, i);
+ goto again;
}
/* Check if we should refuse to talk to this router. */
if (strict &&