From 4c06c619faceb5d158a725d97fda45cadb2cf9c9 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 18 May 2021 08:40:09 -0400
Subject: Use a more secure hash function for the circuitmux hashtable.

Fixes bug 40931; bugfix on 0.2.4.4-alpha. Also tracked as
TROVE-2021-005.

This issue was reported by Jann Horn from Google's Project Zero.
---
 changes/bug40391 | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 changes/bug40391

(limited to 'changes')

diff --git a/changes/bug40391 b/changes/bug40391
new file mode 100644
index 0000000000..e3c186275f
--- /dev/null
+++ b/changes/bug40391
@@ -0,0 +1,9 @@
+  o Major bugfixes (security):
+    - Resist a hashtable-based CPU denial-of-service attack against
+      relays. Previously we used a naive unkeyed hash function to look up
+      circuits in a circuitmux object. An attacker could exploit this to
+      construct circuits with chosen circuit IDs in order to try to create
+      collisions and make the hash table inefficient.  Now we use a SipHash
+      construction for this hash table instead. Fixes bug 40391; bugfix on
+      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.
+      Reported by Jann Horn from Google's Project Zero.
-- 
cgit v1.2.3-54-g00ecf