Merge branch 'maint-0.2.3' into release-0.2.3
This commit is contained in:
commit
55cae7dbf1
|
@ -0,0 +1,9 @@
|
|||
o Major bugfixes (security):
|
||||
|
||||
- Disable TLS session tickets. OpenSSL's implementation were giving
|
||||
our TLS session keys the lifetime of our TLS context objects, when
|
||||
perfect forward secrecy would want us to discard anything that
|
||||
could decrypt a link connection as soon as the link connection was
|
||||
closed. Fixes bug 7139; bugfix on all versions of Tor linked
|
||||
against OpenSSL 1.0.0 or later. Found by "nextgens".
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
o Major bugfixes (security):
|
||||
- Discard extraneous renegotiation attempts once the V3 link
|
||||
protocol has been initiated. Failure to do so left us open to
|
||||
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
|
||||
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
|
|
@ -0,0 +1,7 @@
|
|||
o Minor bugfixes:
|
||||
|
||||
- Don't serve or accept v2 hidden service descriptors over a
|
||||
relay's DirPort. It's never correct to do so, and disabling it
|
||||
might make it more annoying to exploit any bugs that turn up in the
|
||||
descriptor-parsing code. Fixes bug 7149.
|
||||
|
|
@ -1195,6 +1195,14 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
|||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_TLSv1_1);
|
||||
#endif
|
||||
/* Disable TLS tickets if they're supported. We never want to use them;
|
||||
* using them can make our perfect forward secrecy a little worse, *and*
|
||||
* create an opportunity to fingerprint us (since it's unusual to use them
|
||||
* with TLS sessions turned off).
|
||||
*/
|
||||
#ifdef SSL_OP_NO_TICKET
|
||||
SSL_CTX_set_options(result->ctx, SSL_OP_NO_TICKET);
|
||||
#endif
|
||||
|
||||
if (
|
||||
#ifdef DISABLE_SSL3_HANDSHAKE
|
||||
|
|
|
@ -649,6 +649,7 @@ enter_v3_handshake_with_cell(var_cell_t *cell, or_connection_t *conn)
|
|||
"Received a cell while TLS-handshaking, not in "
|
||||
"OR_HANDSHAKING_V3, on a connection we originated.");
|
||||
}
|
||||
connection_or_block_renegotiation(conn);
|
||||
conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
|
||||
if (connection_init_or_handshake_state(conn, started_here) < 0) {
|
||||
connection_mark_for_close(TO_CONN(conn));
|
||||
|
|
|
@ -1186,6 +1186,17 @@ connection_tls_start_handshake(or_connection_t *conn, int receiving)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/** Block all future attempts to renegotiate on 'conn' */
|
||||
void
|
||||
connection_or_block_renegotiation(or_connection_t *conn)
|
||||
{
|
||||
tor_tls_t *tls = conn->tls;
|
||||
if (!tls)
|
||||
return;
|
||||
tor_tls_set_renegotiate_callback(tls, NULL, NULL);
|
||||
tor_tls_block_renegotiation(tls);
|
||||
}
|
||||
|
||||
/** Invoked on the server side from inside tor_tls_read() when the server
|
||||
* gets a successful TLS renegotiation from the client. */
|
||||
static void
|
||||
|
@ -1195,8 +1206,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
|
|||
(void)tls;
|
||||
|
||||
/* Don't invoke this again. */
|
||||
tor_tls_set_renegotiate_callback(tls, NULL, NULL);
|
||||
tor_tls_block_renegotiation(tls);
|
||||
connection_or_block_renegotiation(conn);
|
||||
|
||||
if (connection_tls_finish_handshake(conn) < 0) {
|
||||
/* XXXX_TLS double-check that it's ok to do this from inside read. */
|
||||
|
|
|
@ -21,6 +21,7 @@ or_connection_t *connection_or_get_for_extend(const char *digest,
|
|||
int *launch_out);
|
||||
void connection_or_set_bad_connections(const char *digest, int force);
|
||||
|
||||
void connection_or_block_renegotiation(or_connection_t *conn);
|
||||
int connection_or_reached_eof(or_connection_t *conn);
|
||||
int connection_or_process_inbuf(or_connection_t *conn);
|
||||
int connection_or_flushed_some(or_connection_t *conn);
|
||||
|
|
|
@ -3178,6 +3178,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
|
|||
}
|
||||
|
||||
if (options->HidServDirectoryV2 &&
|
||||
connection_dir_is_encrypted(conn) &&
|
||||
!strcmpstart(url,"/tor/rendezvous2/")) {
|
||||
/* Handle v2 rendezvous descriptor fetch request. */
|
||||
const char *descp;
|
||||
|
@ -3364,6 +3365,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
|
|||
|
||||
/* Handle v2 rendezvous service publish request. */
|
||||
if (options->HidServDirectoryV2 &&
|
||||
connection_dir_is_encrypted(conn) &&
|
||||
!strcmpstart(url,"/tor/rendezvous2/publish")) {
|
||||
switch (rend_cache_store_v2_desc_as_dir(body)) {
|
||||
case -2:
|
||||
|
|
Loading…
Reference in New Issue