
[tor-bugs] #12086 [BridgeDB]: BridgeDB accepts incoming emails sent to 'givemebridges@xxxxxxxxxx'



#12086: BridgeDB accepts incoming emails sent to 'givemebridges@xxxxxxxxxx'
--------------------------------------+----------------------
 Reporter:  isis                      |          Owner:  isis
     Type:  defect                    |         Status:  new
 Priority:  major                     |      Milestone:
Component:  BridgeDB                  |        Version:
 Keywords:  bridgedb-email, security  |  Actual Points:
Parent ID:                            |         Points:
--------------------------------------+----------------------
 From
 [https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/4c18a4e2b89872c5731d4301665642065980086e this commit message]
 for
 [https://gitweb.torproject.org/user/isis/bridgedb.git/blob/4c18a4e2b89872c5731d4301665642065980086e:/lib/bridgedb/test/test_email_server.py#l326 this unittest which reproduces the issue]
 and which is
 [https://travis-ci.org/isislovecruft/bridgedb/jobs/25714425#L1679 currently failing with this error]:

 BridgeDB's current code will accept an incoming email with a
     {{{To: givemebridges@xxxxxxxxxx}}}
 header. However, BridgeDB's reply will still contain:
     {{{From: bridges@xxxxxxxxxxxxxx}}}

 Obviously, it ''shouldn't'' be possible for any email whose SMTP `RCPT TO`
 domain is `'serious.ly'` to actually end up in BridgeDB's mail queue.
 Though, if the outside SMTP layer is sent to
 `'[bridges|ponticum].torproject.org'` (with `MAIL FROM:` a gmail/yahoo
 address), these messages still end up in BridgeDB's mail queue.

 The following netcat session demonstrates that this is possible:

 {{{
   ∃!isisⒶwintermute:(master *$=)~ ∴ torsocks nc bridges.torproject.org 25
   220 ponticum.torproject.org ESMTP Postfix (Debian/GNU)
   HELO ponticum.torproject.org
   250 ponticum.torproject.org
   MAIL FROM: isisgrimalkin@xxxxxxxxx
   250 2.1.0 Ok
   RCPT TO: bridges@xxxxxxxxxxxxxxxxxxxxxx
   250 2.1.5 Ok
   DATA
   354 End data with <CR><LF>.<CR><LF>
   From: isislovecruft@xxxxxxxxx
   To: givemebridgesrightnow@xxxxxxxxxx
   Subject: mwhahaha

   get transport obfs3
   .
   250 2.0.0 Ok: queued as F03972834F
   QUIT
   221 2.0.0 Bye
 }}}

 This request resulted in the following (sanitised) debug logs:
 {{{
 15:30:31 DEBUG    L690:server.validateFrom()    ORIGIN: "'<bridgedb@ponticum>'"
 15:30:31 DEBUG    L699:server.validateFrom()    Got canonical domain: 'ponticum'
 15:30:31 DEBUG    L495:server.lineReceived()    > Received: from ponticum (ponticum [127.0.0.1]) for <bridges@bridgedb>; Wed, 21 May 2014 15:30:31 +0000
 15:30:31 DEBUG    L495:server.lineReceived()    > From isisgrimalkin@xxxxxxxxx  Wed May 21 15:30:31 2014
 15:30:31 DEBUG    L495:server.lineReceived()    > X-Original-To: bridges@xxxxxxxxxxxxxxxxxxxxxx
 15:30:31 DEBUG    L495:server.lineReceived()    > Delivered-To: bridgedb@xxxxxxxxxxxxxxxxxxxxxxx
 15:30:31 DEBUG    L495:server.lineReceived()    > Received: from ponticum.torproject.org (kpebetka.net [95.79.25.182])
 15:30:31 DEBUG    L495:server.lineReceived()    >       by ponticum.torproject.org (Postfix) with SMTP id F03972834F
 15:30:31 DEBUG    L495:server.lineReceived()    >       for <bridges@xxxxxxxxxxxxxxxxxxxxxx>; Wed, 21 May 2014 15:29:18 +0000 (UTC)
 15:30:31 DEBUG    L495:server.lineReceived()    > From: isislovecruft@xxxxxxxxx
 15:30:31 DEBUG    L495:server.lineReceived()    > To: givemebridgesrightnow@xxxxxxxxxx
 15:30:31 DEBUG    L495:server.lineReceived()    > Subject: mwhahaha
 15:30:31 DEBUG    L495:server.lineReceived()    > X-DKIM-Authentication-Results: dunno
 15:30:31 DEBUG    L495:server.lineReceived()    > Date: Wed, 21 May 2014 15:30:31 -0000
 15:30:31 DEBUG    L495:server.lineReceived()    > Message-Id: <1400686231.135135.6548@ponticum>
 15:30:31 DEBUG    L495:server.lineReceived()    >
 15:30:31 DEBUG    L495:server.lineReceived()    > get transport obfs3
 15:30:31 DEBUG    L495:server.lineReceived()    >
 15:30:31 INFO     L611:server.reply()           Got an email; deciding whether to reply.
 15:30:31 INFO     L646:server.reply()           Client requested email translation: en
 15:30:31 DEBUG     L70:request.determineBridg() Email request was valid.
 15:30:31 DEBUG    L160:request.withPluggableT() Parsing 'transport' line: 'get transport obfs3'
 15:30:31 INFO     L169:request.withPluggableT() Email requested transport type: 'obfs3'
 15:30:31 DEBUG     L81:request.determineBridg() Generating hashring filters for request.
 15:30:31 INFO     L420:Dist.getBridgesForEmai() Attempting to return for 3 bridges for isislovecruft@xxxxxxxxxxxx
 15:30:31 DEBUG    L445:Dist.getBridgesForEmai() Cache hit frozenset([<function filterBridgesByTransport(obfs3,<class 'ipaddr.IPv4Address'>)>])
 15:30:31 DEBUG     L75:Dist.getNumBridgesPerA() Returning 3 bridges from ring of len: 492
 15:30:31 DEBUG   L1034:Bridges.getBridges()     Got duplicate bridge 'edfa2fd66533da52f40424bbe917bd03c8378c2d' in main hashring for position 'eda7f69f7c08bd80861c3afa2921168a007d9ae5'.
 15:30:31 DEBUG   L1034:Bridges.getBridges()     Got duplicate bridge 'ed0b2fd66f398afbf10424bb911790faca9ddb8e' in main hashring for position 'eda7f69f7c08bd80861c3afa2921168a007d9ae5'.
 15:30:31 DEBUG    L183:server.generateRespons() Email contents:
 From: bridges@xxxxxxxxxxxxxx
 To: isislovecruft@xxxxxxxxx
 Message-ID: <20140521153031.21456.73227139.10726@xxxxxxxxxxxxxxxxxxxxxxx>
 In-Reply-To: <1400686231.135135.6548@ponticum>
 Content-Type: text/plain; charset="utf-8"
 Date: Wed, 21 May 2014 15:30:31 +0000
 Subject: Re: mwhahaha


 Hey, isislovecruft!

 [This is an automated message; please do not reply.]

 Here are your bridges:

   obfs3 10.1.1.1:1111 d14133856abbba8a65607baebf692162c567bf41
   obfs3 10.2.2.2:2222 86f45ab5dcef80a4b1abfcc43579e76f1d0b25a4
   obfs3 10.3.3.3:3333 5d55daabd91e041e74f62dcfab1a29c8bb32f0b2


 To enter bridges into Tor Browser, follow the instructions on the Tor
 Browser download page [0] to start Tor Browser.

 When the 'Tor Network Settings' dialogue pops up, click 'Configure' and follow
 the wizard until it asks:

 > Does your Internet Service Provider (ISP) block or otherwise censor connections
 > to the Tor network?

 Select 'Yes' and then click 'Next'. To configure your new bridges, copy and
 paste the bridge lines into the text input box. Finally, click 'Connect', and
 you should be good to go! If you experience trouble, try clicking the 'Help'
 button in the 'Tor Network Settings' wizard for further assistance.

 [0]: https://www.torproject.org/projects/torbrowser.html.en#downloads-beta



 COMMANDs: (combine COMMANDs to specify multiple options simultaneously)
   get bridges            Request vanilla bridges.
   get transport [TYPE]   Request a Pluggable Transport by TYPE.
   get help               Displays this message.
   get key                Get a copy of BridgeDB's public GnuPG key.
   get ipv6               Request IPv6 bridges.

 Currently supported transport TYPEs:
   obfs2
   obfs3
   scramblesuit


 --
  <3 BridgeDB

 ----------------------------------------------------------------------
 Public Keys: https://bridges.torproject.org/keys
 This email was generated with rainbows, unicorns, and sparkles
 for isislovecruft@xxxxxxxxx on Wednesday, 21 May, 2014 at 15:30:31.


 15:30:31 INFO     L655:server.reply()           Sending reply to isislovecruft@xxxxxxxxx
 }}}

 The other two bugs detailed in the above commit message are tickets #XXX
 and #XXX respectively.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12086>
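
The ticket above describes a message whose SMTP envelope recipient is legitimate while the `To:` header inside `DATA` names an unrelated address. The following is an added example, not BridgeDB's code and not part of the original ticket, of a header-level recipient check that would drop such a message before a reply is generated. The accepted local part, the accepted domain set, the `+tag` handling, the "every address must match" policy, and the function name `header_recipient_ok` are assumptions of this example.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumptions of this example: the accepted local part and the domain set.
ACCEPTED_LOCAL = "bridges"
ACCEPTED_DOMAINS = {"bridges.torproject.org", "ponticum.torproject.org"}

# Constructed sample modelled on the DATA section of the netcat session.
MISMATCHED_TO = (
    "From: client@example.com\n"
    "To: givemebridgesrightnow@serious.ly\n"
    "Subject: mwhahaha\n"
    "\n"
    "get transport obfs3\n"
)
# Constructed sample of a correctly addressed request.
CORRECT_TO = MISMATCHED_TO.replace(
    "givemebridgesrightnow@serious.ly", "bridges@bridges.torproject.org"
)


def header_recipient_ok(raw_message):
    """Return True only if every To: header address is one we serve.

    The MTA only sees the envelope (RCPT TO). The To: header travels
    inside DATA and is chosen independently by the sender, so it has
    to be validated separately before any reply is built.
    """
    msg = message_from_string(raw_message)
    recipients = getaddresses(msg.get_all("To", []))
    if not recipients:
        return False  # no To: header at all: do not reply
    for _name, addr in recipients:
        local, sep, domain = addr.rpartition("@")
        if not sep:
            return False  # unparseable or empty address
        local = local.split("+", 1)[0]  # assumed: 'bridges+tag' is allowed
        if local.lower() != ACCEPTED_LOCAL:
            return False
        if domain.lower() not in ACCEPTED_DOMAINS:
            return False
    return True


if __name__ == "__main__":
    for label, raw in (("mismatched To:", MISMATCHED_TO), ("correct To:", CORRECT_TO)):
        print(label, "accept" if header_recipient_ok(raw) else "drop")
```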