Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #26037
Closed (moved) (moved)
Open
Issue created May 07, 2018 by Isis Lovecruft@isis

DirAuths should check vote signatures before parsing

teor pointed out that vote parsing occurs before checking the votes signature (both verifying the signature and ensuring that it comes from a known valid directory authority). dgoulet confirmed this is the case:

See dirvote.c, function dirvote_add_vote(). You will notice that the very first thing is parsing the whole thing with networkstatus_parse_vote_from_string(). Now, as far as I can tell, the voter signature check happens in that function. However, by the time we check it out, we've tokenized the votes and parsed many parts of the vote already. (If you look for check_signature_token() in that function).

And then once we are done parsing, we do have a valid signature for the vote which then make us check if we know the authority with trusteddirserver_get_by_v3_auth_digest().

The issue of anyone being able to trigger a hypothetical vulnerability in one of the parsing functions aside, it's also just simply not efficient to do all the parsing work and then chuck the results at the end of networkstatus_parse_vote_from_string() if the signature wasn't from a valid sig from a known authority.

This issue has been apparently been present since f4ce7f9c9b4 in tor-0.2.0.3-alpha.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking