-rw-r--r-- | changes/bug18329-minimal | 6 | ||||
-rw-r--r-- | changes/bug24480 | 3 | ||||
-rw-r--r-- | changes/ticket23856 | 4 | ||||
-rw-r--r-- | changes/trove-2017-009 | 10 | ||||
-rw-r--r-- | changes/trove-2017-011 | 8 | ||||
-rw-r--r-- | changes/trove-2017-012-part1 | 6 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | contrib/win32build/tor-mingw.nsi.in | 2 | ||||
-rw-r--r-- | src/common/crypto.c | 16 | ||||
-rw-r--r-- | src/or/rendservice.c | 4 | ||||
-rw-r--r-- | src/or/rephist.c | 4 | ||||
-rw-r--r-- | src/or/router.c | 11 | ||||
-rw-r--r-- | src/or/routerlist.c | 5 | ||||
-rw-r--r-- | src/win32/orconfig.h | 2 |
14 files changed, 72 insertions, 11 deletions
diff --git a/changes/bug18329-minimal b/changes/bug18329-minimal
new file mode 100644
index 0000000000..804c4e8dd1
--- /dev/null
+++ b/changes/bug18329-minimal
@@ -0,0 +1,6 @@
+ o Minor features (bridge):
+ - Bridges now include notice in their descriptors that they are bridges,
+ and notice of their distribution status, based on their publication
+ settings. Implements ticket 18329. For more fine-grained control of
+ how a bridge is distributed, upgrade to 0.3.2.x or later.
+
diff --git a/changes/bug24480 b/changes/bug24480
new file mode 100644
index 0000000000..94e5b91a0c
--- /dev/null
+++ b/changes/bug24480
@@ -0,0 +1,3 @@
+ o Minor bugfixes (compilation):
+ - Fix a signed/unsigned comparison warning introduced by our
+ fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
diff --git a/changes/ticket23856 b/changes/ticket23856
new file mode 100644
index 0000000000..049da18d06
--- /dev/null
+++ b/changes/ticket23856
@@ -0,0 +1,4 @@
+ o Minor feature (relay statistics):
+ - Change relay bandwidth reporting stats interval from 4 hours to 24 hours
+ in order to reduce the efficiency of guard discovery attacks. Fixes
+ ticket 23856.
diff --git a/changes/trove-2017-009 b/changes/trove-2017-009
new file mode 100644
index 0000000000..166a5faec6
--- /dev/null
+++ b/changes/trove-2017-009
@@ -0,0 +1,10 @@
+ o Major bugfixes (security):
+ - When checking for replays in the INTRODUCE1 cell data for a (legacy)
+ hiddden service, correctly detect replays in the RSA-encrypted part of
+ the cell. We were previously checking for replays on the entire cell,
+ but those can be circumvented due to the malleability of Tor's legacy
+ hybrid encryption. This fix helps prevent a traffic confirmation
+ attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
+ tracked as TROVE-2017-009 and CVE-2017-8819.
+
+
diff --git a/changes/trove-2017-011 b/changes/trove-2017-011
new file mode 100644
index 0000000000..82d20d9e78
--- /dev/null
+++ b/changes/trove-2017-011
@@ -0,0 +1,8 @@ + o Major bugfixes (security): + - Fix a denial of service bug where an attacker could use a malformed + directory object to cause a Tor instance to pause while OpenSSL would + try to read a passphrase from the terminal. (If the terminal was not + available, tor would continue running.) Fixes bug 24246; bugfix on + every version of Tor. Also tracked as TROVE-2017-011 and + CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. + diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1 new file mode 100644 index 0000000000..9fccc2cf65 --- /dev/null +++ b/changes/trove-2017-012-part1 @@ -0,0 +1,6 @@ + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never build a path through + ourselves, even in the case where we have somehow lost the version of + our descriptor appearing in the consensus. Fixes part of bug 21534; + bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. diff --git a/configure.ac b/configure.ac index 3177782753..25e197d438 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2013, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.5.15-dev]) +AC_INIT([tor],[0.2.5.16-dev]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index 6dc7cbd764..9d9eef6321 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.5.15-dev" +!define VERSION "0.2.5.16-dev" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/common/crypto.c b/src/common/crypto.c index f7362765d2..8d816652d3 100644 
--- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -592,11 +592,21 @@ crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) return 0; } +/** A PEM callback that always reports a failure to get a password */ +static int +pem_no_password_cb(char *buf, int size, int rwflag, void *u) +{ + (void)buf; + (void)size; + (void)rwflag; + (void)u; + return 0; +} + /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b> * into <b>env</b>. Return 0 on success, -1 on failure. If len is -1, * the string is nul-terminated. */ -/* Used here, and used for testing. */ int crypto_pk_read_private_key_from_string(crypto_pk_t *env, const char *s, ssize_t len) @@ -615,7 +625,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env, if (env->key) RSA_free(env->key); - env->key = PEM_read_bio_RSAPrivateKey(b,NULL,NULL,NULL); + env->key = PEM_read_bio_RSAPrivateKey(b,NULL,pem_no_password_cb,NULL); BIO_free(b); @@ -747,7 +757,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src, if (env->key) RSA_free(env->key); - env->key = PEM_read_bio_RSAPublicKey(b, NULL, NULL, NULL); + env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL); BIO_free(b); if (!env->key) { crypto_log_errors(LOG_WARN, "reading public key from string"); diff --git a/src/or/rendservice.c b/src/or/rendservice.c index d958de9df9..80e1e10a05 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1162,6 +1162,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, time_t now = time(NULL); time_t elapsed; int replay; + ssize_t keylen; /* Do some initial validation and logging before we parse the cell */ if (circuit->base_.purpose != CIRCUIT_PURPOSE_S_INTRO) { 
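Review bot: `pem_no_password_cb` in src/common/crypto.c reports failure with `return 0;`, and whether OpenSSL treats 0 as an error or as a zero-length passphrase appears to depend on the library version; newer OpenSSL documentation gives -1 as the callback's error value. Consider `return -1;` so that an encrypted PEM block is always rejected rather than possibly tried with an empty passphrase. The doc comment would also benefit from stating the reason the callback exists, e.g. `/** A PEM callback that always reports a failure to get a password, so that OpenSSL never prompts on the terminal while parsing untrusted input. */`. The same callback is passed in the two later hunks of this file (`PEM_read_bio_RSAPrivateKey` and `PEM_read_bio_RSAPublicKey`), whose enclosing functions start and end outside the hunks.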
@@ -1245,9 +1246,10 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, } /* check for replay of PK-encrypted portion. */ + keylen = crypto_pk_keysize(intro_key); replay = replaycache_add_test_and_elapsed( intro_point->accepted_intro_rsa_parts, - parsed_req->ciphertext, parsed_req->ciphertext_len, + parsed_req->ciphertext, MIN(parsed_req->ciphertext_len, keylen), &elapsed); if (replay) { diff --git a/src/or/rephist.c b/src/or/rephist.c index cedc56af07..5acc8f3513 100644 --- a/src/or/rephist.c +++ b/src/or/rephist.c @@ -1131,9 +1131,9 @@ rep_hist_load_mtbf_data(time_t now) * totals? */ #define NUM_SECS_ROLLING_MEASURE 10 /** How large are the intervals for which we track and report bandwidth use? */ -#define NUM_SECS_BW_SUM_INTERVAL (4*60*60) +#define NUM_SECS_BW_SUM_INTERVAL (24*60*60) /** How far in the past do we remember and publish bandwidth use? */ -#define NUM_SECS_BW_SUM_IS_VALID (24*60*60) +#define NUM_SECS_BW_SUM_IS_VALID (5*24*60*60) /** How many bandwidth usage intervals do we remember? (derived) */ #define NUM_TOTALS (NUM_SECS_BW_SUM_IS_VALID/NUM_SECS_BW_SUM_INTERVAL) diff --git a/src/or/router.c b/src/or/router.c index 2cdbb0c8bb..e1c2d20b3a 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -2064,7 +2064,7 @@ mark_my_descriptor_dirty(const char *reason) /** How frequently will we republish our descriptor because of large (factor * of 2) shifts in estimated bandwidth? */ -#define MAX_BANDWIDTH_CHANGE_FREQ (20*60) +#define MAX_BANDWIDTH_CHANGE_FREQ (3*60*60) /** Check whether bandwidth has changed a lot since the last time we announced * bandwidth. If so, mark our descriptor dirty. */ 
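Review bot: The new bound `MIN(parsed_req->ciphertext_len, keylen)` in rend_service_introduce() carries the whole security argument of this fix, but the comment above it still only says "check for replay of PK-encrypted portion". I would state the reason in place, e.g. `/* Only the first keylen bytes are RSA-encrypted; the rest is malleable, so hashing it would let a replayed cell look new. */`. The types of `ciphertext_len` and of the value returned by `crypto_pk_keysize()` are not visible here, so it is worth confirming that both arguments of `MIN` have the same signedness as `keylen` (declared `ssize_t` in the first hunk of this file). The function body continues outside both hunks.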
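Review bot: The doc comments on `NUM_SECS_BW_SUM_INTERVAL` and `NUM_SECS_BW_SUM_IS_VALID` in src/or/rephist.c do not record that the new values are a privacy decision, so a later edit could shorten them again without noticing. Suggest extending the first comment to something like `/** How large are the intervals for which we track and report bandwidth use? Kept coarse (24h) to make guard discovery attacks less efficient; see ticket 23856. */`. `NUM_TOTALS` is an integer division of the two macros, so a remark that the validity window must stay a multiple of the interval would help as well. The same missing rationale applies to `MAX_BANDWIDTH_CHANGE_FREQ` in the src/or/router.c hunk that follows; that it belongs to the same ticket is inferred, since no changes entry on the page mentions it.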
@@ -2385,6 +2385,15 @@ router_dump_router_to_string(routerinfo_t *router, smartlist_add_asprintf(chunks, "contact %s\n", ci); } + if (options->BridgeRelay) { + const char *bd; + if (options->PublishServerDescriptor_ & BRIDGE_DIRINFO) + bd = "any"; + else + bd = "none"; + smartlist_add_asprintf(chunks, "bridge-distribution-request %s\n", bd); + } + #ifdef CURVE25519_ENABLED if (router->onion_curve25519_pkey) { char kbuf[128]; diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 07e87724ba..3bf1eb8956 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2411,7 +2411,10 @@ router_choose_random_node(smartlist_t *excludedsmartlist, }); } - if ((r = routerlist_find_my_routerinfo())) + /* If the node_t is not found we won't be to exclude ourself but we + * won't be able to pick ourself in router_choose_random_node() so + * this is fine to at least try with our routerinfo_t object. */ + if ((r = router_get_my_routerinfo())) routerlist_add_node_and_family(excludednodes, r); router_add_running_nodes_to_smartlist(sl, allow_invalid, diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 5ba3ec1945..a890f62f32 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -241,7 +241,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.5.15-dev" +#define VERSION "0.2.5.16-dev" |
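Review bot: The added `bridge-distribution-request` block in router_dump_router_to_string() has no comment saying what the two keywords stand for or why only `BRIDGE_DIRINFO` is tested. A one-line comment such as `/* "any" if we publish to the bridge authority, "none" otherwise. */` would make the intent reviewable against the changes entry for ticket 18329. As a point of style, the four-line if/else could be written as `const char *bd = (options->PublishServerDescriptor_ & BRIDGE_DIRINFO) ? "any" : "none";`. The function begins and ends outside the hunk.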
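Review bot: The new comment in router_choose_random_node() is hard to parse ("we won't be to exclude ourself", "this is fine to at least try") and does not say what the switch from `routerlist_find_my_routerinfo()` to `router_get_my_routerinfo()` achieves. Suggested wording, following the trove-2017-012 changes entry: `/* Exclude ourselves using our own routerinfo_t, which does not depend on the consensus copy of our descriptor. */`. If `router_get_my_routerinfo()` can do more than a lookup, which is not visible here, that is worth a remark for a function called during path selection. The function starts and ends outside the hunk.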