tor-commits April 2015

tor-commits@lists.torproject.org

19 participants
1110 discussions

[translation/tor_animation_completed] Update translations for tor_animation_completed
by translation＠torproject.org 06 Apr '15

06 Apr '15

commit 121cf0374261d6cf471864c93caa0a4001390277 Author: Translation commit bot <translation(a)torproject.org> Date: Mon Apr 6 13:45:56 2015 +0000 Update translations for tor_animation_completed --- tr.srt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tr.srt b/tr.srt index f5860a3..ef5c9c3 100644 --- a/tr.srt +++ b/tr.srt @@ -55,7 +55,7 @@ Tabii, Tor kullanmıyorsanız! 13 00:00:39,140 --> 00:00:42,840 -Tor Tarayıcı gizliliğimi ve İnternet'teki +Tor Tarayıcı gizliliğimizi ve İnternet'teki kimliğimizi korur. 14 @@ -83,7 +83,7 @@ Tor ayrıca verilerimizi de, hükümet 19 00:01:04,880 --> 00:01:09,340 -Belki de İnternet'i sınırlama ve +Belki de İnternet'i sınırlamaya ve izlemeye çalışan bir baskıcı ülkede yaşıyor olabilirsiniz. 20 @@ -108,7 +108,7 @@ daha fazla güçlü olur 24 00:01:25,140 --> 00:01:29,800 -tamamıyla aynı görülen kalabalıkta +çünkü tamamıyla aynı görülen kalabalıkta gizlenmek daha kolaydır. 25

1 0

[translation/tor_animation] Update translations for tor_animation
by translation＠torproject.org 06 Apr '15

06 Apr '15

commit f45a55498107785a224e41fc0525810e52eed357 Author: Translation commit bot <translation(a)torproject.org> Date: Mon Apr 6 13:45:52 2015 +0000 Update translations for tor_animation --- tr.srt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tr.srt b/tr.srt index f5860a3..ef5c9c3 100644 --- a/tr.srt +++ b/tr.srt @@ -55,7 +55,7 @@ Tabii, Tor kullanmıyorsanız! 13 00:00:39,140 --> 00:00:42,840 -Tor Tarayıcı gizliliğimi ve İnternet'teki +Tor Tarayıcı gizliliğimizi ve İnternet'teki kimliğimizi korur. 14 @@ -83,7 +83,7 @@ Tor ayrıca verilerimizi de, hükümet 19 00:01:04,880 --> 00:01:09,340 -Belki de İnternet'i sınırlama ve +Belki de İnternet'i sınırlamaya ve izlemeye çalışan bir baskıcı ülkede yaşıyor olabilirsiniz. 20 @@ -108,7 +108,7 @@ daha fazla güçlü olur 24 00:01:25,140 --> 00:01:29,800 -tamamıyla aynı görülen kalabalıkta +çünkü tamamıyla aynı görülen kalabalıkta gizlenmek daha kolaydır. 25

1 0

[tor/maint-0.2.4] Bump 0.2.4 version
by nickm＠torproject.org 06 Apr '15

06 Apr '15

commit 442d577af5ab95eb91da794e3850ffed25e8c013 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Apr 6 09:41:59 2015 -0400 Bump 0.2.4 version --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 5cc9ab8..6ffe3cc 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2013, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.4.26]) +AC_INIT([tor],[0.2.4.27]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE

1 0

[tor/release-0.2.6] Fix another pseudonym to the most frequently used version
by nickm＠torproject.org 06 Apr '15

06 Apr '15

commit 8725e6c7bcaef24c71c2479171cd0ccaf43d11b6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Apr 6 09:41:05 2015 -0400 Fix another pseudonym to the most frequently used version --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 690606e..9af97c8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,7 +13,7 @@ Changes in version 0.2.6.7 - 2015-04-06 bugfix on 0.2.1.6-alpha. Reported by "disgleirio". - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes - bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". o Minor features (DoS-resistance, hidden service): - Introduction points no longer allow multiple INTRODUCE1 cells to

1 0

[tor/release-0.2.6] ChangeLog for 0.2.6.7
by nickm＠torproject.org 06 Apr '15

06 Apr '15

commit a5df309d89b828bbff9962c8aba26f157a5ee1ce Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Apr 6 09:37:36 2015 -0400 ChangeLog for 0.2.6.7 --- ChangeLog | 27 +++++++++++++++++++++++++++ changes/bug11447 | 5 ----- changes/bug15515 | 4 ---- changes/bug15600 | 5 ----- changes/bug15601 | 4 ---- 5 files changed, 27 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index 22b4da0..057b42f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,30 @@ +Changes in version 0.2.6.7 - 2015-04-06 + Tor 0.2.6.7 fixes two security issues that could be used by an + attacker to crash hidden services, or crash clients visiting hidden + services. Hidden services should upgrade as soon as possible; clients + should upgrade whenever packages become available. + + This release also contains two simple improvements to make hidden + services a bit less vulnerable to denial-of-service attacks. + + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. Fixes bug 15600; + bugfix on 0.2.1.6-alpha. Reported by "skruffy". + - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. Fixes + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". + + o Minor features (DoS-resistance, hidden service): + - Make it harder for attackers to overwhelm hidden services with + introductions, by blocking multiple introduction requests on the + same circuit. Resolves ticket #15515. + - Decrease the amount of reattempts that a hidden service is willing + to perform when its rendezvous circuits fail. This reduces the + computational cost for hidden service under heavy load. Resolves + ticket #11447. + + Changes in version 0.2.6.6 - 2015-03-24 Tor 0.2.6.6 is the first stable release in the 0.2.6 series. diff --git a/changes/bug11447 b/changes/bug11447 deleted file mode 100644 index 8cd4f5b..0000000 --- a/changes/bug11447 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (DoS-resistance): - - Decrease the amount of reattempts that a hidden service is - willing to perform when its rendezvous circuits fail. This - reduces the computational cost for hidden service under heavy - load. Resolves ticket #11447. \ No newline at end of file diff --git a/changes/bug15515 b/changes/bug15515 deleted file mode 100644 index dda7c2f..0000000 --- a/changes/bug15515 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (DoS-resistance): - - Make it harder for attackers to overwhelm hidden services with - introductions, by blocking multiple introduction requests on the - same circuit. Resolves ticket #15515. diff --git a/changes/bug15600 b/changes/bug15600 deleted file mode 100644 index ee1d6cf..0000000 --- a/changes/bug15600 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix an issue that would allow a malicious client to trigger - an assertion failure and halt a hidden service. Fixes - bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy". - diff --git a/changes/bug15601 b/changes/bug15601 deleted file mode 100644 index 2cc880a..0000000 --- a/changes/bug15601 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix a bug that could cause a client to crash with an assertion - failure when parsing a malformed hidden service descriptor. - Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".

1 0

[tor/release-0.2.6] Tweak changelog.
by nickm＠torproject.org 06 Apr '15

06 Apr '15

commit ee774b02537ce4c10857dd1dd9c4977d8d7a1025 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Apr 6 09:40:12 2015 -0400 Tweak changelog. --- ChangeLog | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 057b42f..690606e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,19 +10,20 @@ Changes in version 0.2.6.7 - 2015-04-06 o Major bugfixes (security, hidden service): - Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; - bugfix on 0.2.1.6-alpha. Reported by "skruffy". + bugfix on 0.2.1.6-alpha. Reported by "disgleirio". - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". o Minor features (DoS-resistance, hidden service): - - Make it harder for attackers to overwhelm hidden services with - introductions, by blocking multiple introduction requests on the - same circuit. Resolves ticket #15515. - - Decrease the amount of reattempts that a hidden service is willing - to perform when its rendezvous circuits fail. This reduces the - computational cost for hidden service under heavy load. Resolves - ticket #11447. + - Introduction points no longer allow multiple INTRODUCE1 cells to + arrive on the same circuit. This should make it more expensive for + attackers to overwhelm hidden services with introductions. + Resolves ticket 15515. + - Decrease the amount of reattempts that a hidden service performs + when its rendezvous circuits fail. This reduces the computational + cost for running a hidden service under heavy load. Resolves + ticket 11447. Changes in version 0.2.6.6 - 2015-03-24

1 0

[tor/release-0.2.5] Validate the RSA key size received when parsing INTRODUCE2 cells.
by nickm＠torproject.org 06 Apr '15

06 Apr '15

commit 49ddd92c115c6943c4602d44f52c22b6f47698e8 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Mon Mar 30 21:53:39 2015 +0000 Validate the RSA key size received when parsing INTRODUCE2 cells. Fixes bug 15600; reported by skruffy --- changes/bug15600 | 5 +++++ src/or/rendservice.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/changes/bug15600 b/changes/bug15600 new file mode 100644 index 0000000..ee1d6cf --- /dev/null +++ b/changes/bug15600 @@ -0,0 +1,5 @@ + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger + an assertion failure and halt a hidden service. Fixes + bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy". + diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 8a4a11e..436f2f4 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1810,6 +1810,16 @@ rend_service_parse_intro_for_v2( goto err; } + if (128 != crypto_pk_keysize(extend_info->onion_key)) { + if (err_msg_out) { + tor_asprintf(err_msg_out, + "invalid onion key size in version %d INTRODUCE%d cell", + intro->version, + (intro->type)); + } + + goto err; + } ver_specific_len = 7+DIGEST_LEN+2+klen;

1 0

[tor/release-0.2.5] Handle empty/zero length encoded intro points more gracefully.
by nickm＠torproject.org 06 Apr '15

06 Apr '15

commit dc3cb0008085d173800724304573dc4ed341c793 Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Thu Apr 2 12:42:06 2015 +0000 Handle empty/zero length encoded intro points more gracefully. In theory these should never the triggered as the only caller now validates the parameters before this routine gets called. --- src/or/routerparse.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 01f65f2..176c16f 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -4928,7 +4928,7 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, size_t intro_points_encoded_size) { const char *current_ipo, *end_of_intro_points; - smartlist_t *tokens; + smartlist_t *tokens = NULL; directory_token_t *tok; rend_intro_point_t *intro; extend_info_t *info; @@ -4937,8 +4937,10 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, tor_assert(parsed); /** Function may only be invoked once. */ tor_assert(!parsed->intro_nodes); - tor_assert(intro_points_encoded); - tor_assert(intro_points_encoded_size > 0); + if (!intro_points_encoded || intro_points_encoded_size == 0) { + log_warn(LD_REND, "Empty or zero size introduction point list"); + goto err; + } /* Consider one intro point after the other. */ current_ipo = intro_points_encoded; end_of_intro_points = intro_points_encoded + intro_points_encoded_size; @@ -5042,8 +5044,10 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed, done: /* Free tokens and clear token list. */ - SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); - smartlist_free(tokens); + if (tokens) { + SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); + smartlist_free(tokens); + } if (area) memarea_drop_all(area);

1 0

[tor/release-0.2.5] Treat empty introduction points sections as missing.
by nickm＠torproject.org 06 Apr '15

06 Apr '15

commit 7b5f558da4542ecce992a8bdb65851fd4a1713bc Author: Yawning Angel <yawning(a)schwanenlied.me> Date: Thu Apr 2 12:36:19 2015 +0000 Treat empty introduction points sections as missing. Found by DonnchaC. --- src/or/rendcommon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index d1b4941..d1f8b1a 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -1301,7 +1301,7 @@ rend_cache_store_v2_desc_as_client(const char *desc, goto err; } /* Decode/decrypt introduction points. */ - if (intro_content) { + if (intro_content && intro_size > 0) { int n_intro_points; if (rend_query->auth_type != REND_NO_AUTH && !tor_mem_is_zero(rend_query->descriptor_cookie,

1 0

[tor/release-0.2.5] Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5
by nickm＠torproject.org 06 Apr '15

06 Apr '15

commit fe69a7e1d7658d3202af0c2c7308d342faaa1559 Merge: 3781955 7451b4c Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon Apr 6 09:25:37 2015 -0400 Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 changes/bug15600 | 5 +++++ changes/bug15601 | 4 ++++ src/or/rendcommon.c | 2 +- src/or/rendservice.c | 10 ++++++++++ src/or/routerparse.c | 14 +++++++++----- 5 files changed, 29 insertions(+), 6 deletions(-)

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits April 2015