
Re: [tor-bugs] #1776 [Tor Client]: Allow regular relays to be used as bridges



#1776: Allow regular relays to be used as bridges
-------------------------+--------------------------------------------------
  Reporter:  Sebastian   |       Owner:  arma              
      Type:  defect      |      Status:  needs_review      
  Priority:  normal      |   Milestone:  Tor: 0.2.2.x-final
 Component:  Tor Client  |     Version:                    
Resolution:              |    Keywords:                    
    Parent:              |  
-------------------------+--------------------------------------------------

Comment(by arma):

 Sebastian: for context, I originally put in the if (old_router) check just
 as a defensive programming measure, so we don't look at *old_router if
 it's NULL.

 The first case that comes to mind where old_router could be NULL is if Tor
 has a bug somewhere such that routerlist->desc_digest_map and
 routerlist->identity_map get out of sync. We don't know of bugs now, but
 that's no promise they won't be introduced later.

 I guess the second case that you're pointing out is if somebody can create
 a sha1 collision on structured data (relay descriptors here), such that
 they give you a descriptor A for relay identity B, and then when you're
 fetching a bridge descriptor for bridge identity C they give you a new
 descriptor D signed by C whose hash matches the hash of A. That would
 cause you to trigger the assert and exit.

 I have to say, I'm not much worried about that DoS vulnerability. Somebody
 should audit the Tor code in their spare time for other such cases, to get
 a sense of how many there are, but I bet there are lots.

 Nick, can you give some insight here? How pedantic should we be?
 bug1776_v3 seems like it resolves the issues, and it has an assert that
 shouldn't be triggered except if we have a bug or a bad assumption about
 sha1. Good enough?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1776#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
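
The two cases in the comment above (maps out of sync, and a descriptor digest that is already stored under a different identity), as an added example that is not part of the original message and not Tor's code. It is a toy routerlist with two indexes whose insert path returns an error instead of asserting when the indexes disagree; all type and function names and the fill-byte digests are hypothetical.

```c
/* Toy model with hypothetical names; not Tor's routerlist code. */
#include <string.h>
#define DIGEST_LEN 20
#define MAX_ROUTERS 8
typedef struct {
    unsigned char identity[DIGEST_LEN];    /* digest of the identity key */
    unsigned char desc_digest[DIGEST_LEN]; /* digest of the signed descriptor */
} router_t;
typedef struct {
    router_t *by_identity[MAX_ROUTERS]; /* stands in for identity_map */
    router_t *by_desc[MAX_ROUTERS];     /* stands in for desc_digest_map */
} routerlist_t;
enum add_result { ADDED, REPLACED, DUPLICATE, REJECTED_MISMATCH, REJECTED_FULL };

/* Linear search of one map; key == NULL returns the first empty slot. */
static router_t **lookup(router_t **map, const unsigned char *key, int by_desc) {
    for (int i = 0; i < MAX_ROUTERS; i++) {
        if (!map[i]) { if (!key) return &map[i]; continue; }
        const unsigned char *k = by_desc ? map[i]->desc_digest : map[i]->identity;
        if (key && !memcmp(k, key, DIGEST_LEN)) return &map[i];
    }
    return NULL;
}

enum add_result routerlist_add(routerlist_t *rl, router_t *ri) {
    router_t **seen = lookup(rl->by_desc, ri->desc_digest, 1);
    router_t **old = lookup(rl->by_identity, ri->identity, 0);
    if (seen) /* digest already stored: it must belong to this same identity */
        return (old && *old == *seen) ? DUPLICATE : REJECTED_MISMATCH;
    if (old) { /* newer descriptor for a known identity: swap it in both maps */
        router_t **old_desc = lookup(rl->by_desc, (*old)->desc_digest, 1);
        if (!old_desc) return REJECTED_MISMATCH; /* maps are out of sync */
        *old_desc = *old = ri;
        return REPLACED;
    }
    router_t **a = lookup(rl->by_identity, NULL, 0);
    router_t **b = lookup(rl->by_desc, NULL, 1);
    if (!a || !b) return REJECTED_FULL;
    *a = *b = ri;
    return ADDED;
}

/* Constructed sample digests: every byte of each digest is one fill value. */
router_t make_router(int id_fill, int desc_fill) {
    router_t r;
    memset(r.identity, id_fill, DIGEST_LEN);
    memset(r.desc_digest, desc_fill, DIGEST_LEN);
    return r;
}
```

A caller treats `REJECTED_MISMATCH` as "drop this descriptor and log it", so neither an internal bookkeeping bug nor a digest collision can terminate the process.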