diff options
author | Nick Mathewson <nickm@torproject.org> | 2021-06-10 08:42:15 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2021-06-10 08:42:15 -0400 |
commit | 15617f29cb8a067ac399557cc6e72e0a415946da (patch) | |
tree | 6b9cc10d213c759fad51afbb914fc001dcd328e3 /changes/bug40391 | |
parent | aa4da024ad5aac5630ca957bcc9b521185d12f3f (diff) | |
parent | 31eaa81f59749ed7e9d4f1bad24225d23eb6f654 (diff) | |
download | tor-15617f29cb8a067ac399557cc6e72e0a415946da.tar.gz tor-15617f29cb8a067ac399557cc6e72e0a415946da.zip |
Merge branch 'maint-0.4.4' into release-0.4.4
Diffstat (limited to 'changes/bug40391')
-rw-r--r-- | changes/bug40391 | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug40391 b/changes/bug40391 new file mode 100644 index 0000000000..e3c186275f --- /dev/null +++ b/changes/bug40391 @@ -0,0 +1,9 @@ + o Major bugfixes (security): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look up + circuits in a circuitmux object. An attacker could exploit this to + construct circuits with chosen circuit IDs in order to try to create + collisions and make the hash table inefficient. Now we use a SipHash + construction for this hash table instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005. + Reported by Jann Horn from Google's Project Zero. |