Merge branch 'maint-0.3.2' into release-0.3.2

2017-11-30 12:07:59 -05:00 · 2017-11-30 12:07:59 -05:00 · c981cd4311
parent 500975da96 fd73a168ca
commit c981cd4311
11 changed files with 71 additions and 6 deletions
--- a/changes/bug24313
+++ b/changes/bug24313
@ -0,0 +1,5 @@
+  o Major bugfixes (security, hidden service v2):
+    - Fix a use-after-free error that could crash v2 Tor hidden services
+      when it failed to open circuits while expiring introductions
+      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha.  This
+      issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
--- a/changes/trove-2017-009
+++ b/changes/trove-2017-009
@ -0,0 +1,10 @@
+  o Major bugfixes (security):
+    - When checking for replays in the INTRODUCE1 cell data for a (legacy)
+      hiddden service, correctly detect replays in the RSA-encrypted part of
+      the cell. We were previously checking for replays on the entire cell,
+      but those can be circumvented due to the malleability of Tor's legacy
+      hybrid encryption. This fix helps prevent a traffic confirmation
+      attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
+      tracked as TROVE-2017-009 and CVE-2017-8819.
+
+
--- a/changes/trove-2017-010
+++ b/changes/trove-2017-010
@ -0,0 +1,6 @@
+  o Major bugfixes (security):
+    - Fix a denial-of-service issue where an attacker could crash
+      a directory authority using a malformed router descriptor.
+      Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked
+      as TROVE-2017-010 and CVE-2017-8820.
+
--- a/changes/trove-2017-011
+++ b/changes/trove-2017-011
@ -0,0 +1,8 @@
+  o Major bugfixes (security):
+    - Fix a denial of service bug where an attacker could use a malformed
+      directory object to cause a Tor instance to pause while OpenSSL would
+      try to read a passphrase from the terminal. (If the terminal was not
+      available, tor would continue running.)  Fixes bug 24246; bugfix on
+      every version of Tor.  Also tracked as TROVE-2017-011 and
+      CVE-2017-8821.  Found by OSS-Fuzz as testcase 6360145429790720.
+
--- a/changes/trove-2017-012-part1
+++ b/changes/trove-2017-012-part1
@ -0,0 +1,6 @@
+  o Major bugfixes (security, relay):
+    - When running as a relay, make sure that we never build a path through
+      ourselves, even in the case where we have somehow lost the version of
+      our descriptor appearing in the consensus. Fixes part of bug 21534;
+      bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
+      and CVE-2017-8822.
--- a/changes/trove-2017-012-part2
+++ b/changes/trove-2017-012-part2
@ -0,0 +1,5 @@
+  o Major bugfixes (security, relay):
+    - When running as a relay, make sure that we never ever choose ourselves
+      as a guard. Previously, this was possible. Fixes part of bug 21534;
+      bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012
+      and CVE-2017-8822.
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -645,11 +645,21 @@ crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits))
  return 0;
 }

+/** A PEM callback that always reports a failure to get a password */
+static int
+pem_no_password_cb(char *buf, int size, int rwflag, void *u)
+{
+  (void)buf;
+  (void)size;
+  (void)rwflag;
+  (void)u;
+  return 0;
+}
+
 /** Read a PEM-encoded private key from the <b>len</b>-byte string <b>s</b>
 * into <b>env</b>.  Return 0 on success, -1 on failure.  If len is -1,
 * the string is nul-terminated.
 */
-/* Used here, and used for testing. */
 int
 crypto_pk_read_private_key_from_string(crypto_pk_t *env,
                                       const char *s, ssize_t len)
@ -668,7 +678,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_t *env,
  if (env->key)
    RSA_free(env->key);

-  env->key = PEM_read_bio_RSAPrivateKey(b,NULL,NULL,NULL);
+  env->key = PEM_read_bio_RSAPrivateKey(b,NULL,pem_no_password_cb,NULL);

  BIO_free(b);

@ -800,7 +810,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src,

  if (env->key)
    RSA_free(env->key);
-  env->key = PEM_read_bio_RSAPublicKey(b, NULL, NULL, NULL);
+  env->key = PEM_read_bio_RSAPublicKey(b, NULL, pem_no_password_cb, NULL);
  BIO_free(b);
  if (!env->key) {
    crypto_log_errors(LOG_WARN, "reading public key from string");
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@ -740,7 +740,8 @@ node_is_possible_guard(const node_t *node)
          node->is_stable &&
          node->is_fast &&
          node->is_valid &&
-          node_is_dir(node));
+          node_is_dir(node) &&
+          !router_digest_is_me(node->identity));
 }

 /**
--- a/src/or/protover.c
+++ b/src/or/protover.c
@ -694,6 +694,11 @@ protocol_list_contains(const smartlist_t *protos,
 const char *
 protover_compute_for_old_tor(const char *version)
 {
+  if (version == NULL) {
+    /* No known version; guess the oldest series that is still supported. */
+    version = "0.2.5.15";
+  }
+
  if (tor_version_as_new_as(version,
                            FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS)) {
    return "";
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@ -1829,6 +1829,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
  time_t now = time(NULL);
  time_t elapsed;
  int replay;
+  size_t keylen;

  /* Do some initial validation and logging before we parse the cell */
  if (circuit->base_.purpose != CIRCUIT_PURPOSE_S_INTRO) {
@ -1903,9 +1904,10 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
  }

  /* check for replay of PK-encrypted portion. */
+  keylen = crypto_pk_keysize(intro_key);
  replay = replaycache_add_test_and_elapsed(
    intro_point->accepted_intro_rsa_parts,
-    parsed_req->ciphertext, parsed_req->ciphertext_len,
+    parsed_req->ciphertext, MIN(parsed_req->ciphertext_len, keylen),
    &elapsed);

  if (replay) {
@ -3912,6 +3914,10 @@ remove_invalid_intro_points(rend_service_t *service,
      log_info(LD_REND, "Expiring %s as intro point for %s.",
               safe_str_client(extend_info_describe(intro->extend_info)),
               safe_str_client(service->service_id));
+      /* We might have put it in the retry list if so, undo. */
+      if (retry_nodes) {
+        smartlist_remove(retry_nodes, intro);
+      }
      smartlist_add(service->expiring_nodes, intro);
      SMARTLIST_DEL_CURRENT(service->intro_nodes, intro);
      /* Intro point is expired, we need a new one thus don't consider it
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -2839,7 +2839,10 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
    }
  } SMARTLIST_FOREACH_END(node);

-  if ((r = routerlist_find_my_routerinfo()))
+  /* If the node_t is not found we won't be to exclude ourself but we
+   * won't be able to pick ourself in router_choose_random_node() so
+   * this is fine to at least try with our routerinfo_t object. */
+  if ((r = router_get_my_routerinfo()))
    routerlist_add_node_and_family(excludednodes, r);

  router_add_running_nodes_to_smartlist(sl, need_uptime, need_capacity,