[tor-bugs] #23512 [Core Tor/Tor]: Bandwidth stats info leak upon close of circuits with queued cells (was: Bandwidth stats watermark can be induced using OOM killer)

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 13 19:42:27 UTC 2018


#23512: Bandwidth stats info leak upon close of circuits with queued cells
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-bug-bounty, congestion-attack,   |  Actual Points:
  research, watermark, tor-stats, guard-         |
  discovery-stats, 034-triage-20180328,          |
  034-removed-20180328                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  SponsorQ
-------------------------------------------------+-------------------------

Comment (by mikeperry):

 Updating the title because this vuln is more general than the oomkiller.
 It can be triggered many, many ways.

 An updated fix for the general issue (based on discussion with dgoulet) is
 at https://github.com/mikeperry-tor/tor/commits/bug23512-v2-032

 I am going to spend a bit seeing if I can use the tests in test_relay.c to
 exercise that code.

 I am ok with this missing 0.3.5.1 for now, but I really think we should
 backport this far enough for relay operators to pick up, though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23512#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

