-rw-r--r-- | changes/bug10849_023 | 6 | ||||
-rw-r--r-- | changes/bug11437 | 3 | ||||
-rw-r--r-- | changes/bug11464_023 | 5 | ||||
-rw-r--r-- | changes/bug11519 | 3 | ||||
-rw-r--r-- | changes/bug7164_downgrade | 6 | ||||
-rw-r--r-- | changes/bug9229 | 5 | ||||
-rw-r--r-- | changes/bug9686_024 | 5 | ||||
-rw-r--r-- | changes/md_leak_bug | 5 | ||||
-rw-r--r-- | src/or/circuituse.c | 2 | ||||
-rw-r--r-- | src/or/config.c | 10 | ||||
-rw-r--r-- | src/or/dns.c | 1 | ||||
-rw-r--r-- | src/or/entrynodes.c | 6 | ||||
-rw-r--r-- | src/or/microdesc.c | 2 | ||||
-rw-r--r-- | src/or/networkstatus.c | 11 | ||||
-rw-r--r-- | src/or/routerlist.c | 31 | ||||
-rw-r--r-- | src/or/routerlist.h | 1 | ||||
-rw-r--r-- | src/or/routerparse.c | 10 |
17 files changed, 106 insertions, 6 deletions
diff --git a/changes/bug10849_023 b/changes/bug10849_023
new file mode 100644
index 000000000..480dea3de
--- /dev/null
+++ b/changes/bug10849_023
@@ -0,0 +1,6 @@
+ o Major bugfixes:
+ - When running a hidden service, do not allow TunneledDirConns 0;
+ this will keep the hidden service from running, and also
+ make it publish its descriptors directly over HTTP. Fixes bug 10849;
+ bugfix on 0.2.1.1-alpha.
+
diff --git a/changes/bug11437 b/changes/bug11437
new file mode 100644
index 000000000..f5117cae9
--- /dev/null
+++ b/changes/bug11437
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Stop leaking memory when we successfully resolve a PTR record.
+ Fixes bug 11437; bugfix on 0.2.4.7-alpha.
diff --git a/changes/bug11464_023 b/changes/bug11464_023
new file mode 100644
index 000000000..80c04b21e
--- /dev/null
+++ b/changes/bug11464_023
@@ -0,0 +1,5 @@
+ o Major features (security):
+ - Block authority signing keys that were used on an authorities
+ vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
+ (We don't have any evidence that these keys _were_ compromised;
+ we're doing this to be prudent.) Resolves ticket 11464.
diff --git a/changes/bug11519 b/changes/bug11519
new file mode 100644
index 000000000..5c1e6af7e
--- /dev/null
+++ b/changes/bug11519
@@ -0,0 +1,3 @@
+ o Minor bugfixes:
+ - Avoid sending an garbage value to the controller when a circuit is
+ cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
diff --git a/changes/bug7164_downgrade b/changes/bug7164_downgrade
new file mode 100644
index 000000000..4d75586bb
--- /dev/null
+++ b/changes/bug7164_downgrade
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Downgrade the warning severity for the the "md was still referenced 1
+ node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
+ diagnose this bug, and the current warning in earlier versions of
+ tor achieves nothing useful. Addresses warning from bug 7164.
+
diff --git a/changes/bug9229 b/changes/bug9229
new file mode 100644
index 000000000..ad7fd22c2
--- /dev/null
+++ b/changes/bug9229
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Avoid 60-second delays in the bootstrapping process when Tor
+ is launching for a second time while using bridges. Fixes bug 9229;
+ bugfix on 0.2.0.3-alpha.
+
diff --git a/changes/bug9686_024 b/changes/bug9686_024
new file mode 100644
index 000000000..8705379d3
--- /dev/null
+++ b/changes/bug9686_024
@@ -0,0 +1,5 @@
+ o Minor features (security):
+ - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave
+ the default at 8GBytes), to better support Raspberry Pi users. Fixes
+ bug 9686; bugfix on 0.2.4.14-alpha.
+
diff --git a/changes/md_leak_bug b/changes/md_leak_bug
new file mode 100644
index 000000000..26270aacc
--- /dev/null
+++ b/changes/md_leak_bug
@@ -0,0 +1,5 @@
+ o Major bugfixes (security, OOM)
+ - Fix a memory leak that could occur if a microdescriptor parse
+ fails during the tokenizing step. This could enable a memory
+ exhaustion attack by directory servers. Fixes bug #11649; bugfix
+ on 0.2.2.6-alpha.
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 598469198..c2d2b2e87 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1518,7 +1518,7 @@ circuit_launch_by_extend_info(uint8_t purpose,
 circ = circuit_find_to_cannibalize(purpose, extend_info, flags);
 if (circ) {
 uint8_t old_purpose = circ->base_.purpose;
- struct timeval old_timestamp_began;
+ struct timeval old_timestamp_began = circ->base_.timestamp_began;
 log_info(LD_CIRC,"Cannibalizing circ '%s' for purpose %d (%s)",
 build_state_get_exit_nickname(circ->build_state), purpose,
diff --git a/src/or/config.c b/src/or/config.c
index ef0294626..09fdc0c49 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2616,10 +2616,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
 REJECT("If EntryNodes is set, UseEntryGuards must be enabled.");
 }
- if (options->MaxMemInCellQueues < (500 << 20)) {
- log_warn(LD_CONFIG, "MaxMemInCellQueues must be at least 500 MB for now. "
+ if (options->MaxMemInCellQueues < (256 << 20)) {
+ log_warn(LD_CONFIG, "MaxMemInCellQueues must be at least 256 MB for now. "
 "Ideally, have it as large as you can afford.");
- options->MaxMemInCellQueues = (500 << 20);
+ options->MaxMemInCellQueues = (256 << 20);
 }
 options->AllowInvalid_ = 0;
@@ -3062,6 +3062,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
 REJECT("If you set UseBridges, you must specify at least one bridge.");
 if (options->UseBridges && !options->TunnelDirConns)
 REJECT("If you set UseBridges, you must set TunnelDirConns.");
+ if (options->RendConfigLines &&
+ (!options->TunnelDirConns || !options->PreferTunneledDirConns))
+ REJECT("If you are running a hidden service, you must set TunnelDirConns "
+ "and PreferTunneledDirConns");
 for (cl = options->Bridges; cl; cl = cl->next) {
 if (parse_bridge_line(cl->value, 1)<0)
diff --git a/src/or/dns.c b/src/or/dns.c
index f2b7eecc3..fb1b10d82 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -1352,6 +1352,7 @@ inform_pending_connections(cached_resolve_t *resolve)
 }
 resolve->pending_connections = pend->next;
 tor_free(pend);
+ tor_free(hostname);
 }
 }
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 2aa063cda..59770fa65 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -2115,8 +2115,12 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
 * our entry node list */
 entry_guard_register_connect_status(ri->cache_info.identity_digest,
 1, 0, now);
- if (first)
+ if (first) {
+ /* XXXX apparently, this is never called. See bug #9229. */
 routerlist_retry_directory_downloads(now);
+ }
+
+ update_networkstatus_downloads(now);
 }
 }
 }
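Review bot: The new REJECT in the second hunk requires both TunnelDirConns and PreferTunneledDirConns, while the accompanying changes/bug10849_023 entry only mentions TunnelDirConns 0; keep the changelog and the check in agreement so an operator hit by the new rejection can find it. The message also lacks the terminating period its neighbours carry: `REJECT("If you are running a hidden service, you must set TunnelDirConns " "and PreferTunneledDirConns.");`. In the first hunk the floor is still applied by silently clamping with a log_warn rather than rejecting, which is pre-existing but deserves a one-line comment on why a too-small value is corrected instead of refused. options_validate starts and ends outside both hunks.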
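Review bot: `tor_free(hostname)` at the bottom of the loop only covers iterations that run to the end of the body; if any earlier path in the same iteration moves on to the next pending connection after hostname has been filled in, that iteration still leaks, and the top of the loop body is outside the hunk, so please confirm there is no such path. Because tor_free() also nulls the pointer, the call is safe to repeat, so an early-exit path can simply be given the same line. A short ownership comment at the free would help the next reader: `/* hostname is a per-iteration copy of the PTR result; release it before the variable is reused. */` — where it is allocated is outside the hunk, so treat that wording as an assumption to verify.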
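Review bot: The new `/* XXXX apparently, this is never called. See bug #9229. */` sits directly above a call that is still made, which reads as a contradiction; if the call stays, say what it fails to do and what the line added below it does instead, e.g. `/* XXXX routerlist_retry_directory_downloads() does not appear to trigger the networkstatus fetch (bug #9229); update_networkstatus_downloads() below is what actually kicks it off. */`. The added update_networkstatus_downloads(now) also runs for every learned bridge descriptor rather than only the first, and the hunk header shows a from_cache parameter whose handling is outside the hunk, so whether cached descriptors should trigger a download is worth confirming and noting in the same comment. learned_bridge_descriptor starts outside the hunk.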
diff --git a/src/or/microdesc.c b/src/or/microdesc.c
index 90ac0ac64..0e72c0b89 100644
--- a/src/or/microdesc.c
+++ b/src/or/microdesc.c
@@ -614,7 +614,7 @@ microdesc_free_(microdesc_t *md, const char *fname, int lineno)
 }
 });
 if (found) {
- log_warn(LD_BUG, "microdesc_free() called from %s:%d, but md was still "
+ log_info(LD_BUG, "microdesc_free() called from %s:%d, but md was still "
 "referenced %d node(s); held_by_nodes == %u",
 fname, lineno, found, md->held_by_nodes);
 } else {
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 1b5c6dbb3..23b7304b3 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -436,6 +436,17 @@ networkstatus_check_document_signature(const networkstatus_t *consensus,
 DIGEST_LEN))
 return -1;
+ if (authority_cert_is_blacklisted(cert)) {
+ /* We implement blacklisting for authority signing keys by treating
+ * all their signatures as always bad. That way we don't get into
+ * crazy loops of dropping and re-fetching signatures. */
+ log_warn(LD_DIR, "Ignoring a consensus signature made with deprecated"
+ " signing key %s",
+ hex_str(cert->signing_key_digest, DIGEST_LEN));
+ sig->bad_signature = 1;
+ return 0;
+ }
+
 signed_digest_len = crypto_pk_keysize(cert->signing_key);
 signed_digest = tor_malloc(signed_digest_len);
 if (crypto_pk_public_checksig(cert->signing_key,
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index cb39729ff..8fe496b51 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
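Review bot: Downgrading to log_info removes the only visible signal that a microdesc is being freed while `found` nodes still reference it, which is a dangling-pointer condition rather than a cosmetic one, so the hunk should carry a comment saying why that is acceptable here, e.g. `/* Downgraded from warn (bug 7164): this fires spuriously in this branch and 0.2.5.4-alpha carries the real diagnostics. */`. Whether the referencing nodes are detached before the free happens outside the hunk, so I cannot confirm from here that info is the right level. Keeping LD_BUG on a message that is no longer treated as a bug is also a mixed signal; if it is now expected noise, LD_DIR may be the more honest domain. microdesc_free_ starts and ends outside the hunk.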
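Review bot: The warning text calls the key "deprecated" while the helper it relies on and the matching rejection in routerparse.c say "blacklisted"; one vocabulary keeps log grep patterns simple: `log_warn(LD_DIR, "Ignoring a consensus signature made with blacklisted" " signing key %s", hex_str(cert->signing_key_digest, DIGEST_LEN));`. This line fires once per blacklisted signature on every consensus a client checks, so until those signatures leave the consensus it is a guaranteed warn on every fetch that the operator can do nothing about; log_info or a rate-limited log would be kinder. Setting `sig->bad_signature = 1` and returning 0 rather than -1 is the right choice for the loop-avoidance reason the comment gives. networkstatus_check_document_signature starts and ends outside the hunk.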
@@ -633,6 +633,37 @@ authority_cert_dl_failed(const char *id_digest,
 }
 }
+static const char *BAD_SIGNING_KEYS[] = {
+ "09CD84F751FD6E955E0F8ADB497D5401470D697E", // Expires 2015-01-11 16:26:31
+ "0E7E9C07F0969D0468AD741E172A6109DC289F3C", // Expires 2014-08-12 10:18:26
+ "57B85409891D3FB32137F642FDEDF8B7F8CDFDCD", // Expires 2015-02-11 17:19:09
+ "87326329007AF781F587AF5B594E540B2B6C7630", // Expires 2014-07-17 11:10:09
+ "98CC82342DE8D298CF99D3F1A396475901E0D38E", // Expires 2014-11-10 13:18:56
+ "9904B52336713A5ADCB13E4FB14DC919E0D45571", // Expires 2014-04-20 20:01:01
+ "9DCD8E3F1DD1597E2AD476BBA28A1A89F3095227", // Expires 2015-01-16 03:52:30
+ "A61682F34B9BB9694AC98491FE1ABBFE61923941", // Expires 2014-06-11 09:25:09
+ "B59F6E99C575113650C99F1C425BA7B20A8C071D", // Expires 2014-07-31 13:22:10
+ "D27178388FA75B96D37FA36E0B015227DDDBDA51", // Expires 2014-08-04 04:01:57
+ NULL,
+};
+
+/** DOCDOC */
+int
+authority_cert_is_blacklisted(const authority_cert_t *cert)
+{
+ char hex_digest[HEX_DIGEST_LEN+1];
+ int i;
+ base16_encode(hex_digest, sizeof(hex_digest),
+ cert->signing_key_digest, sizeof(cert->signing_key_digest));
+
+ for (i = 0; BAD_SIGNING_KEYS[i]; ++i) {
+ if (!strcasecmp(hex_digest, BAD_SIGNING_KEYS[i])) {
+ return 1;
+ }
+ }
+ return 0;
+}
+
 /** Return true iff when we've been getting enough failures when trying to
 * download the certificate with ID digest <b>id_digest</b> that we're willing
 * to start bugging the user about it. */
diff --git a/src/or/routerlist.h b/src/or/routerlist.h
index ce0f0f2e3..505685897 100644
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@ -41,6 +41,7 @@ int router_reload_router_list(void);
 int authority_cert_dl_looks_uncertain(const char *id_digest);
 const smartlist_t *router_get_trusted_dir_servers(void);
 const smartlist_t *router_get_fallback_dir_servers(void);
+int authority_cert_is_blacklisted(const authority_cert_t *cert);
 const routerstatus_t *router_pick_directory_server(dirinfo_type_t type,
 int flags);
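Review bot: `/** DOCDOC */` on authority_cert_is_blacklisted is a placeholder that should not ship; a real doc comment is one line, e.g. `/** Return true iff the signing key of <b>cert</b> is one we refuse to trust (see BAD_SIGNING_KEYS). */`. The table itself also needs a comment saying what it is and when entries may be removed, e.g. `/** Hex digests of authority signing keys that were in use on authorities vulnerable to CVE-2014-0160 (heartbleed); see ticket 11464. An entry can be dropped once the expiry noted beside it has passed. */`, which turns the per-entry expiry notes into an explicit retirement plan rather than trivia. Re-encoding the digest to hex and comparing with strcasecmp is fine for a non-secret ten-entry list, so no timing concern here. The routerlist.h hunk that exports the function is a trivial declaration change.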
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 3aa4bdf8a..01f65f262 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -2932,6 +2932,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
 log_warn(LD_DIR,"Mismatch between identities in certificate and vote");
 goto err;
 }
+ if (ns->type != NS_TYPE_CONSENSUS) {
+ if (authority_cert_is_blacklisted(ns->cert)) {
+ log_warn(LD_DIR, "Rejecting vote signature made with blacklisted "
+ "signing key %s",
+ hex_str(ns->cert->signing_key_digest, DIGEST_LEN));
+ goto err;
+ }
+ }
 voter->address = tor_strdup(tok->args[2]);
 if (!tor_inet_aton(tok->args[3], &in)) {
 log_warn(LD_DIR, "Error decoding IP address %s in network-status.",
@@ -4366,11 +4374,13 @@ microdescs_parse_from_string(const char *s, const char *eos,
 microdesc_free(md);
 md = NULL;
+ SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
 memarea_clear(area);
 smartlist_clear(tokens);
 s = start_of_next_microdesc;
 }
+ SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
 memarea_drop_all(area);
 smartlist_free(tokens); |
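Review bot: The blacklist check in the first hunk is deliberately skipped for consensuses, but nothing in the code says why, so the next reader has to go find the companion check in networkstatus.c; a comment would save that trip: `/* Consensus signatures are checked in networkstatus_check_document_signature(), which treats blacklisted keys as bad signatures; votes get no second pass, so reject them here. */` — that routing is my reading of the networkstatus.c hunk in this same commit, please confirm. The two nested ifs could also collapse into one: `if (ns->type != NS_TYPE_CONSENSUS && authority_cert_is_blacklisted(ns->cert)) {`. networkstatus_parse_vote_from_string starts and ends outside the hunk.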
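Review bot: The token_clear sweep in the second hunk covers the normal end of the loop body and the post-loop cleanup, but any path that leaves an iteration early after tokenizing (a `continue` or `goto` above the hunk) would still drop its tokens uncleared, and the top of the loop body is outside the hunk, so please confirm no such path exists or route it through the same cleanup. Since `SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));` now appears twice, a small `static void` helper would keep the two sites in step. A one-line comment on why the sweep must precede memarea_clear would also help: `/* Release what the tokens own before the area they were parsed into is recycled. */` — the allocation relationship is outside the hunk, so treat that as an assumption to verify. microdescs_parse_from_string starts outside the hunk.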