author: Nick Mathewson <nickm@torproject.org> 2012-04-01 00:46:52 -0400
committer: Nick Mathewson <nickm@torproject.org> 2012-04-01 00:46:52 -0400
commit: 341c6a59db09a43ee2301a6c59158b09ec55134b
tree: 064d7997faa86393decb522b2c6267003c195d5c /changes
parent: 458718d4975661831fa21d9f2653932e17c1bae0
parent: 9a69c24150965e54322ed9616638d4f1939b1289
Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c

Conflict was in or_options_free, where two newly added fields had free calls in the same place.
Diffstat (limited to 'changes')
-rw-r--r-- changes/bridgepassword | 11
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/bridgepassword b/changes/bridgepassword
new file mode 100644
index 0000000000..5f0e250ff6
--- /dev/null
+++ b/changes/bridgepassword
@@ -0,0 +1,11 @@
+ o Security fixes:
+ - When using the debuging BridgePassword field, a bridge authority
+ now compares alleged passwords by hashing them, then comparing
+ the result to a digest of the expected authenticator. This avoids
+ a potential side-channel attack in the previous code, which
+ had foolishly used strcmp(). Fortunately, the BridgePassword field
+ *is not in use*, but if it had been, the timing
+ behavior of strcmp() might have allowed an adversary to guess the
+ BridgePassword value, and enumerate the bridges. Bugfix on
+ 0.2.0.14-alpha. Fixes bug 5543.
+
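Review bot: typo on the second line of the entry, "debuging" should be "debugging"; this text is user-facing, so it is worth fixing before merge. The entry also says the alleged password is hashed and the result compared to a digest of the expected authenticator, but not how that second comparison is done. Since the whole point of the fix is removing the timing channel of strcmp(), stating that the digest comparison is itself constant-time would make the entry complete, e.g. "...then comparing the result to a digest of the expected authenticator using a constant-time comparison."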