[tor-commits] [tor/master] Authorities reject descriptors without ntor keys
commit 33da2abd0571a4c4e21d5841bab1be336bca3a5a
Author: teor (Tim Wilson-Brown) <teor2345@xxxxxxxxx>
Date: Wed Jul 6 16:50:48 2016 +1000
Authorities reject descriptors without ntor keys
Before, they checked for version 0.2.4.18-rc or later, but this
would not catch relays without version lines, or buggy or malicious
relays missing an ntor key.
---
changes/reject-tap | 4 ++++
src/or/dirserv.c | 16 ++++++++++++++++
2 files changed, 20 insertions(+)
diff --git a/changes/reject-tap b/changes/reject-tap
new file mode 100644
index 0000000..85fffc5
--- /dev/null
+++ b/changes/reject-tap
@@ -0,0 +1,4 @@
+ o Major bug fixes (circuit building):
+ - Authorites should not trust the version a relay claims (if any),
+ instead, they should check specifically for an ntor key.
+ Fixes bug 19163; bugfix on 0.2.4.18-rc.
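Review bot: typo in the first bullet of the changes entry: "Authorites" should be "Authorities". The same line also runs two independent clauses together with a comma; "Authorities should not trust the version a relay claims (if any); instead, they should check specifically for an ntor key." reads cleaner in the changelog.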
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 64ebde6..ef3a305 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -255,6 +255,22 @@ dirserv_router_get_status(const routerinfo_t *router, const char **msg,
return FP_REJECT;
}
+ /* dirserv_get_status_impl already rejects versions older than 0.2.4.18-rc,
+ * and onion_curve25519_pkey was introduced in 0.2.4.8-alpha.
+ * But just in case a relay doesn't provide or lies about its version, or
+ * doesn't include an ntor key in its descriptor, check that it exists,
+ * and is non-zero (clients check that it's non-zero before using it). */
+ if (router->onion_curve25519_pkey == NULL ||
+ tor_mem_is_zero((const char*)router->onion_curve25519_pkey->public_key,
+ CURVE25519_PUBKEY_LEN)) {
+ log_fn(severity, LD_DIR,
+ "Descriptor from router %s is missing an ntor curve25519 onion "
+ "key.", router_describe(router));
+ if (msg)
+ *msg = "Missing ntor curve25519 onion key. Please upgrade!";
+ return FP_REJECT;
+ }
+
if (router->cache_info.signing_key_cert) {
/* This has an ed25519 identity key. */
if (KEYPIN_MISMATCH ==
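Review bot: the log line and the returned *msg both say the ntor key is "missing", but the condition rejects two distinct cases: onion_curve25519_pkey == NULL and a key that is present but all-zero (the tor_mem_is_zero branch). Consider wording both messages as "missing or all-zero ntor curve25519 onion key" so an operator debugging a rejected descriptor can tell which case applies; the "Please upgrade!" hint only makes sense for the missing-key case, since a current relay publishing a zeroed key is a relay bug rather than an old version. The check itself is correctly placed before the ed25519 keypin check, and the comment's rationale (clients already check for a non-zero key before use) justifies rejecting at the authority rather than leaving unusable descriptors in the consensus.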
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits