[tor-bugs] #27616 [Applications/Tor Browser]: Double-check Rust code for potential proxy bypass in ESR 60
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 14 03:08:16 UTC 2018
#27616: Double-check Rust code for potential proxy bypass in ESR 60
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #22176 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by sysrqb):
Replying to [comment:2 gk]:
> See the second part of comment:15:ticket:22176
Okay, I started with gk's 3) from that ticket. First, I enumerated all
packages and their dependencies (not including the vendored crates). From
these packages, I searched for all occurrences of "tcp", "udp", "socket",
"bind", "connect", "listener", "send", "recv", and "stream". (I don't
claim these are the only functions/methods that can be used for
transmitting a message).
I found these are the in-tree packages (not vendored in
`third_party/rust`):
{{{
media/mp4parse-rust/mp4parse_capi
servo/support/gecko/nsstring
xpcom/rust/nserror
netwerk/base/rust-helper
xpcom/rust/xpcom
xpcom/rust/xpcom/xpcom_macros
modules/libpref/parser
netwerk/base/rust-url-capi
dom/webauthn/u2f-hid-rs
servo/ports/geckolib
}}}
For each of those packages, I ran
{{{
$ grep -rni -E "tcp|udp|socket|bind|connect|listener|send|recv|stream" $p
}}}
(where `$p` was each directory path from above).
Many of the results were false-positives. In particular, `bind` matched
many incstances of "binding" or "bindgen". So, excluding those:
{{{
$ grep -rni -E "tcp|udp|socket|bind|connect|listener|send|recv|stream" $p
| grep -v -E "[bB]inding|[bB]indgen" | grep -ni --color=always -E
"tcp|udp|socket|bind|connect|listener|send|recv|stream"
}}}
These directories didn't contain any matches:
{{{
servo/support/gecko/nsstring
xpcom/rust/nserror
netwerk/base/rust-helper
modules/libpref/parser
netwerk/base/rust-url-capi
servo/ports/geckolib
}}}
`media/mp4parse-rust/mp4parse_capi` has instances of "stream" (but that's
not surprising considering it's doc comment says "Parses ISO Base Media
Format aka video/mp4 streams."). All instances of `stream` are from audio
(FLAC) track information.
`xpcom/rust/xpcom/xpcom_macros` has a occurrence of "bind" and a few
instances of "stream". "bind" is related to FFI, and "stream" are
`TokenStream`s.
`dom/webauthn/u2f-hid-rs` has "send" and "recv", but these are methods
called on a `std::sync::mpsc::channel`. There is another wrapper method
`sendrecv` that calls `U2FHIDCont::write` and `U2FHIDInit::read` for
reading/writing the U2F device. These read/write methods specifically take
a device as the first argument. Using this for making network calls seems
very difficult (without digging too deep).
(to be continued.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27616#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list