[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23512 [Core Tor/Tor]: Bandwidth stats info leak upon close of circuits with queued cells (was: Bandwidth stats watermark can be induced using OOM killer)

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #23512 [Core Tor/Tor]: Bandwidth stats info leak upon close of circuits with queued cells (was: Bandwidth stats watermark can be induced using OOM killer)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 13 Sep 2018 19:42:27 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 13 Sep 2018 15:42:38 -0400
In-reply-to: <043.a5bcd0bfd1e0dc56065cc39ebe56b6e5@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.a5bcd0bfd1e0dc56065cc39ebe56b6e5@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#23512: Bandwidth stats info leak upon close of circuits with queued cells
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-bug-bounty, congestion-attack,   |  Actual Points:
  research, watermark, tor-stats, guard-         |
  discovery-stats, 034-triage-20180328,          |
  034-removed-20180328                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  SponsorQ
-------------------------------------------------+-------------------------

Comment (by mikeperry):

 Updating the title because this vuln is more general than the oomkiller.
 It can be triggered many, many ways.

 An updated fix for the general issue (based on discussion with dgoulet) is
 at https://github.com/mikeperry-tor/tor/commits/bug23512-v2-032

 I am going to spend a bit seeing if I can use the tests in test_relay.c to
 exercise that code.

 I am ok with this missing 0.3.5.1 for now, but I really think we should
 backport this far enough for relay operators to pick up, though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23512#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing
Next by Author: Re: [tor-bugs] #27356 [Metrics/ExoneraTor]: Reduce database size and variance of query response times
Previous by thread: [tor-bugs] #27692 [Core Tor/sbws]: Update documentation with torflow scaling and other changes
Next by thread: Re: [tor-bugs] #27342 [Core Tor/sbws]: sbws poor error handling
Index(es):
- Author
- Thread