author | Nick Mathewson <nickm@torproject.org> | 2021-06-10 08:42:15 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2021-06-10 08:42:15 -0400 |
commit | 1da8621c0aef1f3fa694802b2bbea888a8d82d99 (patch) | |
tree | 69d6ae5b4d5dbfe52a0d3737aa4cf551b82021a0 /changes | |
parent | e2d01aac9e2f45f2c8f0de057f3104d6cfcdaa80 (diff) | |
parent | 31eaa81f59749ed7e9d4f1bad24225d23eb6f654 (diff) | |
download | tor-1da8621c0aef1f3fa694802b2bbea888a8d82d99.tar.gz tor-1da8621c0aef1f3fa694802b2bbea888a8d82d99.zip |
Merge branch 'maint-0.4.4' into maint-0.4.5
Diffstat (limited to 'changes')
-rw-r--r-- | changes/bug40391 | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug40391 b/changes/bug40391 new file mode 100644 index 0000000000..e3c186275f --- /dev/null +++ b/changes/bug40391 @@ -0,0 +1,9 @@ + o Major bugfixes (security): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look up + circuits in a circuitmux object. An attacker could exploit this to + construct circuits with chosen circuit IDs in order to try to create + collisions and make the hash table inefficient. Now we use a SipHash + construction for this hash table instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005. + Reported by Jann Horn from Google's Project Zero. |
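Review bot: In the new changes/bug40391 entry, the sentence "Now we use a SipHash construction for this hash table instead" does not say how the hash is keyed, although the entry names the old function being "unkeyed" as the flaw. Consider stating that the new hash is keyed with a secret the attacker cannot predict, and where that key comes from, because that is the property that keeps chosen circuit IDs from producing collisions. The entry would also be easier to audit if it named the circuitmux lookup function or source file that changed, so relay operators and downstream packagers can match this note to the code.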