Merge branch 'maint-0.2.3' into release-0.2.3

8 files changed, 45 insertions, 2 deletions

diff --git a/changes/bug7139 b/changes/bug7139
new file mode 100644
index 0000000000..dfb7d32838
--- /dev/null
+++ b/changes/bug7139
@@ -0,0 +1,9 @@
+  o Major bugfixes (security):
+
+    - Disable TLS session tickets.  OpenSSL's implementation were giving
+      our TLS session keys the lifetime of our TLS context objects, when
+      perfect forward secrecy would want us to discard anything that
+      could decrypt a link connection as soon as the link connection was
+      closed.  Fixes bug 7139; bugfix on all versions of Tor linked
+      against OpenSSL 1.0.0 or later. Found by "nextgens".
+
diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249
new file mode 100644
index 0000000000..625bfa2f58
--- /dev/null
+++ b/changes/cve-2012-2249
@@ -0,0 +1,5 @@
+  o Major bugfixes (security):
+    - Discard extraneous renegotiation attempts once the V3 link
+      protocol has been initiated. Failure to do so left us open to
+      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
new file mode 100644
index 0000000000..35b492a2d7
--- /dev/null
+++ b/changes/dirserv-BUGGY-a
@@ -0,0 +1,7 @@
+  o Minor bugfixes:
+
+    - Don't serve or accept v2 hidden service descriptors over a
+      relay's DirPort. It's never correct to do so, and disabling it
+      might make it more annoying to exploit any bugs that turn up in the
+      descriptor-parsing code. Fixes bug 7149.
+
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 53bcc98919..bec2c71232 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1195,6 +1195,14 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 #ifdef SSL_OP_NO_TLSv1_1
   SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
 #endif
+  /* Disable TLS tickets if they're supported.  We never want to use them;
+   * using them can make our perfect forward secrecy a little worse, *and*
+   * create an opportunity to fingerprint us (since it's unusual to use them
+   * with TLS sessions turned off).
+   */
+#ifdef SSL_OP_NO_TICKET
+  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET);
+#endif
 
   if (
 #ifdef DISABLE_SSL3_HANDSHAKE
diff --git a/src/or/command.c b/src/or/command.c
index d8a409bc27..975af046cd 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -649,6 +649,7 @@ enter_v3_handshake_with_cell(var_cell_t *cell, or_connection_t *conn)
            "Received a cell while TLS-handshaking, not in "
            "OR_HANDSHAKING_V3, on a connection we originated.");
   }
+  connection_or_block_renegotiation(conn);
   conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
   if (connection_init_or_handshake_state(conn, started_here) < 0) {
     connection_mark_for_close(TO_CONN(conn));
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index d016387935..6293fe881d 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1186,6 +1186,17 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
   return 0;
 }
 
+/** Block all future attempts to renegotiate on 'conn' */
+void
+connection_or_block_renegotiation(or_connection_t *conn)
+{
+  tor_tls_t *tls = conn->tls;
+  if (!tls)
+    return;
+  tor_tls_set_renegotiate_callback(tls, NULL, NULL);
+  tor_tls_block_renegotiation(tls);
+}
+
 /** Invoked on the server side from inside tor_tls_read() when the server
  * gets a successful TLS renegotiation from the client. */
 static void
@@ -1195,8 +1206,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
   (void)tls;
 
   /* Don't invoke this again. */
-  tor_tls_set_renegotiate_callback(tls, NULL, NULL);
-  tor_tls_block_renegotiation(tls);
+  connection_or_block_renegotiation(conn);
 
   if (connection_tls_finish_handshake(conn) < 0) {
     /* XXXX_TLS double-check that it's ok to do this from inside read. */
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 3e98f5cce1..b78c444921 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -21,6 +21,7 @@ or_connection_t *connection_or_get_for_extend(const char *digest,
                                               int *launch_out);
 void connection_or_set_bad_connections(const char *digest, int force);
 
+void connection_or_block_renegotiation(or_connection_t *conn);
 int connection_or_reached_eof(or_connection_t *conn);
 int connection_or_process_inbuf(or_connection_t *conn);
 int connection_or_flushed_some(or_connection_t *conn);
diff --git a/src/or/directory.c b/src/or/directory.c
index f1510b970a..f235bf3b41 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -3178,6 +3178,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
   }
 
   if (options->HidServDirectoryV2 &&
+      connection_dir_is_encrypted(conn) &&
        !strcmpstart(url,"/tor/rendezvous2/")) {
     /* Handle v2 rendezvous descriptor fetch request. */
     const char *descp;
@@ -3364,6 +3365,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
 
   /* Handle v2 rendezvous service publish request. */
   if (options->HidServDirectoryV2 &&
+      connection_dir_is_encrypted(conn) &&
       !strcmpstart(url,"/tor/rendezvous2/publish")) {
     switch (rend_cache_store_v2_desc_as_dir(body)) {
       case -2: