Merge branch 'maint-0.2.3' into release-0.2.3

2012-10-19 14:30:58 -04:00 · 2012-10-19 14:30:58 -04:00 · 55cae7dbf1
parent 60d0964c9a 1cc06bd35e
commit 55cae7dbf1
8 changed files with 45 additions and 2 deletions
--- a/changes/bug7139
+++ b/changes/bug7139
@ -0,0 +1,9 @@
+  o Major bugfixes (security):
+
+    - Disable TLS session tickets.  OpenSSL's implementation were giving
+      our TLS session keys the lifetime of our TLS context objects, when
+      perfect forward secrecy would want us to discard anything that
+      could decrypt a link connection as soon as the link connection was
+      closed.  Fixes bug 7139; bugfix on all versions of Tor linked
+      against OpenSSL 1.0.0 or later. Found by "nextgens".
+
--- a/changes/cve-2012-2249
+++ b/changes/cve-2012-2249
@ -0,0 +1,5 @@
+  o Major bugfixes (security):
+    - Discard extraneous renegotiation attempts once the V3 link
+      protocol has been initiated. Failure to do so left us open to
+      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
--- a/changes/dirserv-BUGGY-a
+++ b/changes/dirserv-BUGGY-a
@ -0,0 +1,7 @@
+  o Minor bugfixes:
+
+    - Don't serve or accept v2 hidden service descriptors over a
+      relay's DirPort. It's never correct to do so, and disabling it
+      might make it more annoying to exploit any bugs that turn up in the
+      descriptor-parsing code. Fixes bug 7149.
+
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -1195,6 +1195,14 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 #ifdef SSL_OP_NO_TLSv1_1
  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
 #endif
+  /* Disable TLS tickets if they're supported.  We never want to use them;
+   * using them can make our perfect forward secrecy a little worse, *and*
+   * create an opportunity to fingerprint us (since it's unusual to use them
+   * with TLS sessions turned off).
+   */
+#ifdef SSL_OP_NO_TICKET
+  SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET);
+#endif

  if (
 #ifdef DISABLE_SSL3_HANDSHAKE
--- a/src/or/command.c
+++ b/src/or/command.c
@ -649,6 +649,7 @@ enter_v3_handshake_with_cell(var_cell_t *cell, or_connection_t *conn)
           "Received a cell while TLS-handshaking, not in "
           "OR_HANDSHAKING_V3, on a connection we originated.");
  }
+  connection_or_block_renegotiation(conn);
  conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
  if (connection_init_or_handshake_state(conn, started_here) < 0) {
    connection_mark_for_close(TO_CONN(conn));
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@ -1186,6 +1186,17 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
  return 0;
 }

+/** Block all future attempts to renegotiate on 'conn' */
+void
+connection_or_block_renegotiation(or_connection_t *conn)
+{
+  tor_tls_t *tls = conn->tls;
+  if (!tls)
+    return;
+  tor_tls_set_renegotiate_callback(tls, NULL, NULL);
+  tor_tls_block_renegotiation(tls);
+}
+
 /** Invoked on the server side from inside tor_tls_read() when the server
 * gets a successful TLS renegotiation from the client. */
 static void
@ -1195,8 +1206,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
  (void)tls;

  /* Don't invoke this again. */
-  tor_tls_set_renegotiate_callback(tls, NULL, NULL);
-  tor_tls_block_renegotiation(tls);
+  connection_or_block_renegotiation(conn);

  if (connection_tls_finish_handshake(conn) < 0) {
    /* XXXX_TLS double-check that it's ok to do this from inside read. */
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@ -21,6 +21,7 @@ or_connection_t *connection_or_get_for_extend(const char *digest,
                                              int *launch_out);
 void connection_or_set_bad_connections(const char *digest, int force);

+void connection_or_block_renegotiation(or_connection_t *conn);
 int connection_or_reached_eof(or_connection_t *conn);
 int connection_or_process_inbuf(or_connection_t *conn);
 int connection_or_flushed_some(or_connection_t *conn);
--- a/src/or/directory.c
+++ b/src/or/directory.c
@ -3178,6 +3178,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
  }

  if (options->HidServDirectoryV2 &&
+      connection_dir_is_encrypted(conn) &&
       !strcmpstart(url,"/tor/rendezvous2/")) {
    /* Handle v2 rendezvous descriptor fetch request. */
    const char *descp;
@ -3364,6 +3365,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,

  /* Handle v2 rendezvous service publish request. */
  if (options->HidServDirectoryV2 &&
+      connection_dir_is_encrypted(conn) &&
      !strcmpstart(url,"/tor/rendezvous2/publish")) {
    switch (rend_cache_store_v2_desc_as_dir(body)) {
      case -2: