October 2011 - tor-commits - lists.torproject.org

[tor/release-0.2.1] Merge branch 'maint-0.2.1' into release-0.2.1
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit abd34f1527272f759d8b45bdf770385c2be2dbe8 Merge: e740ac0 5d30951 Author: Roger Dingledine <arma(a)torproject.org> Date: Thu Oct 27 20:02:58 2011 -0400 Merge branch 'maint-0.2.1' into release-0.2.1

1 0

[tor/maint-0.2.1] bump maint to 0.2.1.31
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit 5d3095152efb5c8f0d887be0bccdb154ded40a91 Author: Roger Dingledine <arma(a)torproject.org> Date: Thu Oct 27 20:01:58 2011 -0400 bump maint to 0.2.1.31 --- configure.in | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index eead014..f654361 100644 --- a/configure.in +++ b/configure.in @@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc. dnl See LICENSE for licensing information AC_INIT -AM_INIT_AUTOMAKE(tor, 0.2.1.25) +AM_INIT_AUTOMAKE(tor, 0.2.1.31) AM_CONFIG_HEADER(orconfig.h) AC_CANONICAL_HOST diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 6deb8d9..efb3208 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -9,7 +9,7 @@ !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.1.25" +!define VERSION "0.2.1.31" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 65804fe..12af228 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -226,6 +226,6 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.1.25" +#define VERSION "0.2.1.31"

1 0

r25190: {website} bump all packages versions for tor 0.2.2.34 and 0.2.3.6-alph (website/trunk/include)
by Erinn Clark 27 Oct '11

27 Oct '11

Author: erinn Date: 2011-10-27 23:54:08 +0000 (Thu, 27 Oct 2011) New Revision: 25190 Modified: website/trunk/include/versions.wmi Log: bump all packages versions for tor 0.2.2.34 and 0.2.3.6-alpha Modified: website/trunk/include/versions.wmi =================================================================== --- website/trunk/include/versions.wmi 2011-10-27 18:36:51 UTC (rev 25189) +++ website/trunk/include/versions.wmi 2011-10-27 23:54:08 UTC (rev 25190) @@ -1,34 +1,34 @@ -<define-tag version-stable whitespace=delete>0.2.2.33</define-tag> -<define-tag version-alpha whitespace=delete>0.2.3.5-alpha</define-tag> +<define-tag version-stable whitespace=delete>0.2.2.34</define-tag> +<define-tag version-alpha whitespace=delete>0.2.3.6-alpha</define-tag> -<define-tag version-win32-stable whitespace=delete>0.2.2.33</define-tag> -<define-tag version-win32-alpha whitespace=delete>0.2.3.5-alpha</define-tag> +<define-tag version-win32-stable whitespace=delete>0.2.2.34</define-tag> +<define-tag version-win32-alpha whitespace=delete>0.2.3.6-alpha</define-tag> -<define-tag version-win32-bundle-stable whitespace=delete>0.2.2.33</define-tag> -<define-tag version-win32-bundle-alpha whitespace=delete>0.2.3.5-alpha</define-tag> +<define-tag version-win32-bundle-stable whitespace=delete>0.2.2.34</define-tag> +<define-tag version-win32-bundle-alpha whitespace=delete>0.2.3.6-alpha</define-tag> -<define-tag version-win32-bridge-bundle-stable whitespace=delete>0.2.2.33-<version-vidalia-stable></define-tag> -<define-tag version-win32-relay-bundle-stable whitespace=delete>0.2.2.33-<version-vidalia-stable></define-tag> -<define-tag version-win32-exit-bundle-stable whitespace=delete>0.2.2.33-<version-vidalia-stable>-2</define-tag> +<define-tag version-win32-bridge-bundle-stable whitespace=delete>0.2.2.34-<version-vidalia-stable></define-tag> +<define-tag version-win32-relay-bundle-stable whitespace=delete>0.2.2.34-<version-vidalia-stable></define-tag> +<define-tag version-win32-exit-bundle-stable whitespace=delete>0.2.2.34-<version-vidalia-stable>-2</define-tag> -<define-tag version-win32-bridge-bundle-alpha whitespace=delete>0.2.3.5-alpha-<version-vidalia-stable></define-tag> -<define-tag version-win32-relay-bundle-alpha whitespace=delete>0.2.3.5-alpha-<version-vidalia-stable></define-tag> -<define-tag version-win32-exit-bundle-alpha whitespace=delete>0.2.3.5-alpha-<version-vidalia-stable></define-tag> +<define-tag version-win32-bridge-bundle-alpha whitespace=delete>0.2.3.6-alpha-<version-vidalia-stable></define-tag> +<define-tag version-win32-relay-bundle-alpha whitespace=delete>0.2.3.6-alpha-<version-vidalia-stable></define-tag> +<define-tag version-win32-exit-bundle-alpha whitespace=delete>0.2.3.6-alpha-<version-vidalia-stable></define-tag> -<define-tag version-osx-x86-bundle-stable whitespace=delete>0.2.2.33</define-tag> -<define-tag version-osx-x86-bundle-alpha whitespace=delete>0.2.3.5-alpha</define-tag> +<define-tag version-osx-x86-bundle-stable whitespace=delete>0.2.2.34</define-tag> +<define-tag version-osx-x86-bundle-alpha whitespace=delete>0.2.3.6-alpha</define-tag> -<define-tag version-osx-ppc-bundle-stable whitespace=delete>0.2.2.33</define-tag> -<define-tag version-osx-ppc-bundle-alpha whitespace=delete>0.2.3.5-alpha</define-tag> +<define-tag version-osx-ppc-bundle-stable whitespace=delete>0.2.2.34</define-tag> +<define-tag version-osx-ppc-bundle-alpha whitespace=delete>0.2.3.6-alpha</define-tag> -<define-tag version-osx-x86-stable whitespace=delete>0.2.2.33</define-tag> -<define-tag version-osx-x86-alpha whitespace=delete>0.2.3.5-alpha</define-tag> +<define-tag version-osx-x86-stable whitespace=delete>0.2.2.34</define-tag> +<define-tag version-osx-x86-alpha whitespace=delete>0.2.3.6-alpha</define-tag> -<define-tag version-osx-ppc-stable whitespace=delete>0.2.2.33</define-tag> -<define-tag version-osx-ppc-alpha whitespace=delete>0.2.3.5-alpha</define-tag> +<define-tag version-osx-ppc-stable whitespace=delete>0.2.2.34</define-tag> +<define-tag version-osx-ppc-alpha whitespace=delete>0.2.3.6-alpha</define-tag> -<define-tag version-torbrowserbundle whitespace=delete>2.2.33-3</define-tag> -<define-tag version-torbrowser-tor whitespace=delete>0.2.2.33</define-tag> +<define-tag version-torbrowserbundle whitespace=delete>2.2.34-1</define-tag> +<define-tag version-torbrowser-tor whitespace=delete>0.2.2.34</define-tag> <define-tag version-torbrowser-tor-components whitespace=delete>libevent-2.0.14-stable, zlib-1.2.5, openssl-1.0.0e</define-tag> <define-tag version-torbrowser-firefox whitespace=delete>7.0.1</define-tag> <define-tag version-torbrowser-torbutton whitespace=delete>1.4.4.1</define-tag> @@ -37,18 +37,18 @@ <define-tag version-torbrowser-vidalia whitespace=delete>0.2.15</define-tag> <define-tag version-torimbrowserbundle whitespace=delete>1.3.21</define-tag> -<define-tag version-torbrowserbundlelinux32 whitespace=delete>2.2.33-3</define-tag> -<define-tag version-torbrowserbundlelinux64 whitespace=delete>2.2.33-3</define-tag> -<define-tag version-gnu-torbrowser-tor whitespace=delete>0.2.2.33</define-tag> +<define-tag version-torbrowserbundlelinux32 whitespace=delete>2.2.34-1</define-tag> +<define-tag version-torbrowserbundlelinux64 whitespace=delete>2.2.34-1</define-tag> +<define-tag version-gnu-torbrowser-tor whitespace=delete>0.2.2.34</define-tag> <define-tag version-gnu-torbrowser-tor-components whitespace=delete>libevent-2.0.14, zlib-1.2.5, openssl-1.0.0e</define-tag> <define-tag version-gnu-torbrowser-firefox whitespace=delete>7.0.1</define-tag> -<define-tag version-gnu-torbrowser-torbutton whitespace=delete>1.4.4</define-tag> +<define-tag version-gnu-torbrowser-torbutton whitespace=delete>1.4.4.1</define-tag> <define-tag version-gnu-torbrowser-vidalia whitespace=delete>0.2.15</define-tag> -<define-tag version-torbrowserbundleosx whitespace=delete>2.2.33-3</define-tag> -<define-tag version-osx-torbrowser-tor whitespace=delete>0.2.2.33</define-tag> +<define-tag version-torbrowserbundleosx whitespace=delete>2.2.34-1</define-tag> +<define-tag version-osx-torbrowser-tor whitespace=delete>0.2.2.34</define-tag> <define-tag version-osx-torbrowser-firefox whitespace=delete>7.0.1</define-tag> -<define-tag version-osx-torbrowser-torbutton whitespace=delete>1.4.4</define-tag> +<define-tag version-osx-torbrowser-torbutton whitespace=delete>1.4.4.1</define-tag> <define-tag version-osx-torbrowser-vidalia whitespace=delete>0.2.15</define-tag> <define-tag version-vidalia-stable whitespace=delete>0.2.15</define-tag>

1 0

[tor/master] Don't give the Guard flag to relays without the CVE-2011-2768 fix
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit 00fffbc1a15e2696a89c721d0c94dc333ff419ef Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Tue Oct 25 00:24:15 2011 -0700 Don't give the Guard flag to relays without the CVE-2011-2768 fix --- changes/issue-2011-10-19L | 7 ++++ src/or/dirserv.c | 71 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 77 insertions(+), 1 deletions(-) diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L index 1fefd72..b879c9d 100644 --- a/changes/issue-2011-10-19L +++ b/changes/issue-2011-10-19L @@ -19,3 +19,10 @@ client is connected to a patched relay. Bugfix on FIXME; found by frosty_un. + - Don't assign the Guard flag to relays running a version of Tor + which would use an OR connection on which it has received a + CREATE_FAST cell to satisfy an EXTEND request. Mitigates + CVE-2011-2768, by ensuring that clients will not connect + directly to any relay which an attacker could probe for an + unpatched client's connections. + diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 6607901..fa7f693 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2251,6 +2251,74 @@ get_possible_sybil_list(const smartlist_t *routers) return omit_as_sybil; } +/** Return non-zero iff a relay running the Tor version specified in + * platform is suitable for use as a potential entry guard. */ +static int +is_router_version_good_for_possible_guard(const char *platform) +{ + static int parsed_versions_initialized = 0; + static tor_version_t first_good_0_2_1_guard_version; + static tor_version_t first_good_0_2_2_guard_version; + static tor_version_t first_good_later_guard_version; + + tor_version_t router_version; + + /* XXX023 This block should be extracted into its own function. */ + /* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */ + { + char *s, *s2, *start; + char tmp[128]; + + tor_assert(platform); + + if (strcmpstart(platform,"Tor ")) /* nonstandard Tor; be safe and say yes */ + return 1; + + start = (char *)eat_whitespace(platform+3); + if (!*start) return 0; + s = (char *)find_whitespace(start); /* also finds '\0', which is fine */ + s2 = (char*)eat_whitespace(s); + if (!strcmpstart(s2, "(r") || !strcmpstart(s2, "(git-")) + s = (char*)find_whitespace(s2); + + if ((size_t)(s-start+1) >= sizeof(tmp)) /* too big, no */ + return 0; + strlcpy(tmp, start, s-start+1); + + if (tor_version_parse(tmp, &router_version)<0) { + log_info(LD_DIR,"Router version '%s' unparseable.",tmp); + return 1; /* be safe and say yes */ + } + } + /* XXXX End code copied from tor_version_as_new_as (in routerparse.c) */ + + if (!parsed_versions_initialized) { + /* CVE-2011-2769 was fixed on the relay side in Tor versions + * 0.2.1.31, 0.2.2.34, and 0.2.3.6-alpha. */ + tor_assert(tor_version_parse("0.2.1.31", + &first_good_0_2_1_guard_version)>=0); + tor_assert(tor_version_parse("0.2.2.34", + &first_good_0_2_2_guard_version)>=0); + tor_assert(tor_version_parse("0.2.3.6-alpha", + &first_good_later_guard_version)>=0); + + /* Don't parse these constant version strings once for every relay + * for every vote. */ + parsed_versions_initialized = 1; + } + + return ((tor_version_same_series(&first_good_0_2_1_guard_version, + &router_version) && + tor_version_compare(&first_good_0_2_1_guard_version, + &router_version) <= 0) || + (tor_version_same_series(&first_good_0_2_2_guard_version, + &router_version) && + tor_version_compare(&first_good_0_2_2_guard_version, + &router_version) <= 0) || + (tor_version_compare(&first_good_later_guard_version, + &router_version) <= 0)); +} + /** Extract status information from ri and from other authority * functions and store it in rs>. If naming, consider setting * the named flag in rs. @@ -2294,7 +2362,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD || router_get_advertised_bandwidth(ri) >= MIN(guard_bandwidth_including_exits, - guard_bandwidth_excluding_exits))) { + guard_bandwidth_excluding_exits)) && + is_router_version_good_for_possible_guard(ri->platform)) { long tk = rep_hist_get_weighted_time_known( ri->cache_info.identity_digest, now); double wfu = rep_hist_get_weighted_fractional_uptime(

1 0

[tor/master] Make tor_version_same_series non-static
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit 4d0f152aadabd431924acb137990081269cffb3d Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Mon Oct 24 23:36:57 2011 -0700 Make tor_version_same_series non-static --- src/or/routerparse.c | 3 +-- src/or/routerparse.h | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/or/routerparse.c b/src/or/routerparse.c index aed4fd1..001c4d6 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -572,7 +572,6 @@ static int check_signature_token(const char *digest, int flags, const char *doctype); static crypto_pk_env_t *find_dir_signing_key(const char *str, const char *eos); -static int tor_version_same_series(tor_version_t *a, tor_version_t *b); #undef DEBUG_AREA_ALLOC @@ -4556,7 +4555,7 @@ tor_version_compare(tor_version_t *a, tor_version_t *b) /** Return true iff versions a and b belong to the same series. */ -static int +int tor_version_same_series(tor_version_t *a, tor_version_t *b) { tor_assert(a); diff --git a/src/or/routerparse.h b/src/or/routerparse.h index 8b8cde2..527de5d 100644 --- a/src/or/routerparse.h +++ b/src/or/routerparse.h @@ -47,6 +47,7 @@ version_status_t tor_version_is_obsolete(const char *myversion, int tor_version_parse(const char *s, tor_version_t *out); int tor_version_as_new_as(const char *platform, const char *cutoff); int tor_version_compare(tor_version_t *a, tor_version_t *b); +int tor_version_same_series(tor_version_t *a, tor_version_t *b); void sort_version_list(smartlist_t *lst, int remove_duplicates); void assert_addr_policy_ok(smartlist_t *t); void dump_distinct_digest_count(int severity);

1 0

[tor/master] Add option to give guard flag to relays without the CVE-2011-2768 fix
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit 4684ced1b3fced0543fa65bf01f75c5d81eaf464 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Tue Oct 25 12:33:21 2011 -0700 Add option to give guard flag to relays without the CVE-2011-2768 fix This way, all of the DA operators can upgrade immediately, without nuking every client's set of entry guards as soon as a majority of them upgrade. Until enough guards have upgraded, a majority of dirauths should set this config option so that there are still enough guards in the network. After a few days pass, all dirauths should use the default. --- src/or/config.c | 2 ++ src/or/dirserv.c | 4 +++- src/or/or.h | 4 ++++ 3 files changed, 9 insertions(+), 1 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index 230ccf2..78e4336 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -269,6 +269,8 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif + V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, + BOOL, "0"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(AccelName, STRING, NULL), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index fa7f693..c427fe2 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2332,6 +2332,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, int naming, int listbadexits, int listbaddirs, int vote_on_hsdirs) { + const or_options_t *options = get_options(); int unstable_version = !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs"); memset(rs, 0, sizeof(routerstatus_t)); @@ -2363,7 +2364,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, router_get_advertised_bandwidth(ri) >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) && - is_router_version_good_for_possible_guard(ri->platform)) { + (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || + is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( ri->cache_info.identity_digest, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/or.h b/src/or/or.h index 8638f20..7d50e1f 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2672,6 +2672,10 @@ typedef struct { * number of servers per IP address shared * with an authority. */ + /** Should we assign the Guard flag to relays which would allow + * exploitation of CVE-2011-2768 against their clients? */ + int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; + char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting

1 0

[tor/master] Merge branch 'maint-0.2.2_secfix' into master_secfix
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit 2dec6597af4014eb731d8caac55a8a87964ce371 Merge: 2c4e89b 4684ced Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Thu Oct 27 00:15:25 2011 +0200 Merge branch 'maint-0.2.2_secfix' into master_secfix Conflicts: src/common/tortls.c src/or/connection_or.c src/or/dirserv.c src/or/or.h changes/issue-2011-10-19L | 28 +++++++++++ changes/issue-2011-10-23G | 9 +++ src/common/tortls.c | 119 +++++++++++++++++++++++++-------------------- src/or/command.c | 13 ++++- src/or/config.c | 2 + src/or/connection_or.c | 7 +++ src/or/dirserv.c | 79 ++++++++++++++++++++++++++++- src/or/or.h | 10 ++++ src/or/routerparse.c | 3 +- src/or/routerparse.h | 1 + 10 files changed, 212 insertions(+), 59 deletions(-) diff --cc src/common/tortls.c index a8b6085,352c3d6..7aaa4e0 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@@ -204,13 -189,14 +204,15 @@@ static X509* tor_tls_create_certificate const char *cname, const char *cname_sign, unsigned int lifetime); -static void tor_tls_unblock_renegotiation(tor_tls_t *tls); + static int tor_tls_context_init_one(tor_tls_context_t **ppcontext, crypto_pk_env_t *identity, - unsigned int key_lifetime); + unsigned int key_lifetime, + int is_client); static tor_tls_context_t *tor_tls_context_new(crypto_pk_env_t *identity, - unsigned int key_lifetime); + unsigned int key_lifetime, + int is_client); +static int check_cert_lifetime_internal(const X509 *cert, int tolerance); /** Global TLS contexts. We keep them here because nobody else needs * to touch them. */ @@@ -1085,12 -727,13 +1091,13 @@@ tor_tls_context_init_one(tor_tls_contex * certificate. */ static tor_tls_context_t * - tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) + tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime, + int is_client) { - crypto_pk_env_t *rsa = NULL; + crypto_pk_env_t *rsa = NULL, *rsa_auth = NULL; EVP_PKEY *pkey = NULL; tor_tls_context_t *result = NULL; - X509 *cert = NULL, *idcert = NULL; + X509 *cert = NULL, *idcert = NULL, *authcert = NULL; char *nickname = NULL, *nn2 = NULL; tor_tls_init(); @@@ -1106,35 -745,26 +1113,39 @@@ goto error; if (crypto_pk_generate_key(rsa)<0) goto error; - /* Generate short-term RSA key for use in the in-protocol ("v3") - * authentication handshake. */ - if (!(rsa_auth = crypto_new_pk_env())) - goto error; - if (crypto_pk_generate_key(rsa_auth)<0) - goto error; - /* Create a link certificate signed by identity key. */ - cert = tor_tls_create_certificate(rsa, identity, nickname, nn2, - key_lifetime); - /* Create self-signed certificate for identity key. */ - idcert = tor_tls_create_certificate(identity, identity, nn2, nn2, - IDENTITY_CERT_LIFETIME); - /* Create an authentication certificate signed by identity key. */ - authcert = tor_tls_create_certificate(rsa_auth, identity, nickname, nn2, - key_lifetime); - if (!cert || !idcert || !authcert) { - log(LOG_WARN, LD_CRYPTO, "Error creating certificate"); - goto error; + if (!is_client) { - /* Create certificate signed by identity key. */ ++ /* Generate short-term RSA key for use in the in-protocol ("v3") ++ * authentication handshake. */ ++ if (!(rsa_auth = crypto_new_pk_env())) ++ goto error; ++ if (crypto_pk_generate_key(rsa_auth)<0) ++ goto error; ++ /* Create a link certificate signed by identity key. */ + cert = tor_tls_create_certificate(rsa, identity, nickname, nn2, + key_lifetime); + /* Create self-signed certificate for identity key. */ + idcert = tor_tls_create_certificate(identity, identity, nn2, nn2, + IDENTITY_CERT_LIFETIME); - if (!cert || !idcert) { ++ /* Create an authentication certificate signed by identity key. */ ++ authcert = tor_tls_create_certificate(rsa_auth, identity, nickname, nn2, ++ key_lifetime); ++ if (!cert || !idcert || !authcert) { + log(LOG_WARN, LD_CRYPTO, "Error creating certificate"); + goto error; + } } result = tor_malloc_zero(sizeof(tor_tls_context_t)); result->refcnt = 1; - result->my_link_cert = tor_cert_new(X509_dup(cert)); - result->my_id_cert = tor_cert_new(X509_dup(idcert)); - result->my_auth_cert = tor_cert_new(X509_dup(authcert)); - if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert) - goto error; - result->link_key = crypto_pk_dup_key(rsa); - result->auth_key = crypto_pk_dup_key(rsa_auth); + if (!is_client) { - result->my_cert = X509_dup(cert); - result->my_id_cert = X509_dup(idcert); - result->key = crypto_pk_dup_key(rsa); ++ result->my_link_cert = tor_cert_new(X509_dup(cert)); ++ result->my_id_cert = tor_cert_new(X509_dup(idcert)); ++ result->my_auth_cert = tor_cert_new(X509_dup(authcert)); ++ if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert) ++ goto error; ++ result->link_key = crypto_pk_dup_key(rsa); ++ result->auth_key = crypto_pk_dup_key(rsa_auth); + } #ifdef EVERYONE_HAS_AES /* Tell OpenSSL to only use TLS1 */ diff --cc src/or/command.c index c85b057,1fa8bc6..d35e2a9 --- a/src/or/command.c +++ b/src/or/command.c @@@ -316,6 -232,7 +316,7 @@@ static voi command_process_create_cell(cell_t *cell, or_connection_t *conn) { or_circuit_t *circ; - or_options_t *options = get_options(); ++ const or_options_t *options = get_options(); int id_is_high; if (we_are_hibernating()) { diff --cc src/or/config.c index c5322f5,78e4336..1b9f9fb --- a/src/or/config.c +++ b/src/or/config.c @@@ -282,9 -269,10 +282,11 @@@ static config_var_t _option_vars[] = V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif + V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, + BOOL, "0"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), + V(HeartbeatPeriod, INTERVAL, "6 hours"), V(AccelName, STRING, NULL), V(AccelDir, FILENAME, NULL), V(HashedControlPassword, LINELIST, NULL), diff --cc src/or/connection_or.c index 14da698,27a34d3..4c0960c --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@@ -1031,20 -813,21 +1036,22 @@@ connection_or_connect(const tor_addr_t conn->_base.state = OR_CONN_STATE_CONNECTING; control_event_or_conn_status(conn, OR_CONN_EVENT_LAUNCHED, 0); + conn->is_outgoing = 1; + - /* use a proxy server if available */ - if (options->HTTPSProxy) { - using_proxy = 1; - tor_addr_copy(&addr, &options->HTTPSProxyAddr); - port = options->HTTPSProxyPort; - } else if (options->Socks4Proxy) { - using_proxy = 1; - tor_addr_copy(&addr, &options->Socks4ProxyAddr); - port = options->Socks4ProxyPort; - } else if (options->Socks5Proxy) { - using_proxy = 1; - tor_addr_copy(&addr, &options->Socks5ProxyAddr); - port = options->Socks5ProxyPort; + /* If we are using a proxy server, find it and use it. */ + r = get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, TO_CONN(conn)); + if (r == 0) { + conn->proxy_type = proxy_type; + if (proxy_type != PROXY_NONE) { + tor_addr_copy(&addr, &proxy_addr); + port = proxy_port; + conn->_base.proxy_state = PROXY_INFANT; + } + } else { + log_warn(LD_GENERAL, "Tried to connect through proxy, but proxy address " + "could not be found."); + connection_free(TO_CONN(conn)); + return NULL; } switch (connection_connect(TO_CONN(conn), conn->_base.address, diff --cc src/or/dirserv.c index 5cb4aba,c427fe2..288fca9 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@@ -2333,9 -2363,13 +2402,13 @@@ set_routerstatus_from_routerinfo(router (router_get_advertised_bandwidth(ri) >= BANDWIDTH_TO_GUARANTEE_GUARD || router_get_advertised_bandwidth(ri) >= MIN(guard_bandwidth_including_exits, - guard_bandwidth_excluding_exits))) { - long tk = rep_hist_get_weighted_time_known(node->identity, now); - double wfu = rep_hist_get_weighted_fractional_uptime(node->identity, now); + guard_bandwidth_excluding_exits)) && + (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || + is_router_version_good_for_possible_guard(ri->platform))) { + long tk = rep_hist_get_weighted_time_known( - ri->cache_info.identity_digest, now); ++ node->identity, now); + double wfu = rep_hist_get_weighted_fractional_uptime( - ri->cache_info.identity_digest, now); ++ node->identity, now); rs->is_possible_guard = (wfu >= guard_wfu && tk >= guard_tk) ? 1 : 0; } else { rs->is_possible_guard = 0; diff --cc src/or/or.h index 7a901e7,7d50e1f..e4f9b9b --- a/src/or/or.h +++ b/src/or/or.h @@@ -1220,7 -1068,12 +1220,13 @@@ typedef struct or_connection_t * router itself has a problem. */ unsigned int is_bad_for_new_circs:1; + /** True iff we have decided that the other end of this connection + * is a client. Connections with this flag set should never be used + * to satisfy an EXTEND request. */ + unsigned int is_connection_with_client:1; + /** True iff this is an outgoing connection. */ + unsigned int is_outgoing:1; + unsigned int proxy_type:2; /**< One of PROXY_NONE...PROXY_SOCKS5 */ uint8_t link_proto; /**< What protocol version are we using? 0 for * "none negotiated yet." */ circid_t next_circ_id; /**< Which circ_id do we try to use next on

1 0

[tor/master] fold in changes entries
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit 0eaebebffa4cb8e445e249db0bf6942e1a93bdee Author: Roger Dingledine <arma(a)torproject.org> Date: Wed Oct 26 20:31:49 2011 -0400 fold in changes entries --- ChangeLog | 27 ++++++++++++++++++++++++++- changes/issue-2011-10-19L | 28 ---------------------------- changes/issue-2011-10-23G | 9 --------- 3 files changed, 26 insertions(+), 38 deletions(-) diff --git a/ChangeLog b/ChangeLog index 18505dd..355948c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.3.6-alpha - 2011-10-?? +Changes in version 0.2.3.6-alpha - 2011-10-26 o Major features: - Implement a new handshake protocol (v3) for authenticating Tors to each other over TLS. It should be more resistant to fingerprinting @@ -7,6 +7,26 @@ Changes in version 0.2.3.6-alpha - 2011-10-?? - Allow variable-length padding cells to disguise the length of Tor's TLS records. Implements part of proposal 184. + o Privacy/anonymity fixes (clients): + - Clients and bridges no longer send TLS certificate chains on + outgoing OR connections. Previously, each client or bridge + would use the same cert chain for all outgoing OR connections + for up to 24 hours, which allowed any relay that the client or + bridge contacted to determine which entry guards it is using. + Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un". + - If a relay receives a CREATE_FAST cell on a TLS connection, it + no longer considers that connection as suitable for satisfying a + circuit EXTEND request. Now relays can protect clients from the + CVE-2011-2768 issue even if the clients haven't upgraded yet. + - Directory authorities no longer assign the Guard flag to relays + that haven't upgraded to the above "refuse EXTEND requests + to client connections" fix. Now directory authorities can + protect clients from the CVE-2011-2768 issue even if neither + the clients nor the relays have upgraded yet. There's a new + "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option + to let us transition smoothly, else tomorrow there would be no + guard relays. + o Major bugfixes (hidden services): - Improve hidden service robustness: when an attempt to connect to a hidden service ends, be willing to refetch its hidden service @@ -29,6 +49,11 @@ Changes in version 0.2.3.6-alpha - 2011-10-?? found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212. o Major bugfixes (other): + - Bridges now refuse CREATE or CREATE_FAST cells on OR connections + that they initiated. Relays could distinguish incoming bridge + connections from client connections, creating another avenue for + enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha. + Found by "frosty_un". - Don't update the AccountingSoftLimitHitAt state file entry whenever tor gets started. This prevents a wrong average bandwidth estimate, which would cause relays to always start a new accounting diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L deleted file mode 100644 index b879c9d..0000000 --- a/changes/issue-2011-10-19L +++ /dev/null @@ -1,28 +0,0 @@ - o Security fixes: - - - Don't send TLS certificate chains on outgoing OR connections - from clients and bridges. Previously, each client or bridge - would use a single cert chain for all outgoing OR connections - for up to 24 hours, which allowed any relay connected to by a - client or bridge to determine which entry guards it is using. - This is a potential user-tracing bug for *all* users; everyone - who uses Tor's client or hidden service functionality should - upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by - frosty_un. - - - Don't use any OR connection on which we have received a - CREATE_FAST cell to satisfy an EXTEND request. Previously, we - would not consider whether a connection appears to be from a - client or bridge when deciding whether to use that connection to - satisfy an EXTEND request. Mitigates CVE-2011-2768, by - preventing an attacker from determining whether an unpatched - client is connected to a patched relay. Bugfix on FIXME; found - by frosty_un. - - - Don't assign the Guard flag to relays running a version of Tor - which would use an OR connection on which it has received a - CREATE_FAST cell to satisfy an EXTEND request. Mitigates - CVE-2011-2768, by ensuring that clients will not connect - directly to any relay which an attacker could probe for an - unpatched client's connections. - diff --git a/changes/issue-2011-10-23G b/changes/issue-2011-10-23G deleted file mode 100644 index 45f8675..0000000 --- a/changes/issue-2011-10-23G +++ /dev/null @@ -1,9 +0,0 @@ - o Security fixes: - - - Reject CREATE and CREATE_FAST cells on outgoing OR connections - from a bridge to a relay. Previously, we would accept them and - handle them normally, thereby allowing a malicious relay to - easily distinguish bridges which connect to it from clients. - Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha, when bridges were - implemented; found by frosty_un. -

1 0

[tor/master] bump to 0.2.3.6-alpha
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit 1a160ae5235951f73620e980b480c919fc184c32 Author: Roger Dingledine <arma(a)torproject.org> Date: Wed Oct 26 20:33:23 2011 -0400 bump to 0.2.3.6-alpha --- configure.in | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 4db44d1..641d46a 100644 --- a/configure.in +++ b/configure.in @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc. dnl See LICENSE for licensing information AC_INIT -AM_INIT_AUTOMAKE(tor, 0.2.3.5-alpha-dev) +AM_INIT_AUTOMAKE(tor, 0.2.3.6-alpha) AM_CONFIG_HEADER(orconfig.h) AC_CANONICAL_HOST diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 115129b..3316b70 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.3.5-alpha-dev" +!define VERSION "0.2.3.6-alpha" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index cdff052..df5f2b4 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -234,7 +234,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.3.5-alpha-dev" +#define VERSION "0.2.3.6-alpha"

1 0

[tor/master] a little blurb for 0.2.3.6-alpha
by arma＠torproject.org 27 Oct '11

27 Oct '11

commit 47dff61061f4bfc2ad5f1992a11b48e5c7ad94af Author: Roger Dingledine <arma(a)torproject.org> Date: Wed Oct 26 20:54:15 2011 -0400 a little blurb for 0.2.3.6-alpha --- ChangeLog | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/ChangeLog b/ChangeLog index 24b4961..c721e70 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,11 @@ Changes in version 0.2.3.6-alpha - 2011-10-26 + Tor 0.2.3.6-alpha includes the fix from 0.2.2.34 for a critical + anonymity vulnerability where an attacker can deanonymize Tor + users. Everybody should upgrade. + + This release also features support for a new v3 connection handshake + protocol, and fixes to make hidden service connections more robust. + o Major features: - Implement a new handshake protocol (v3) for authenticating Tors to each other over TLS. It should be more resistant to fingerprinting

1 0