Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Nick Mathewson@nickm🤠

Hidden service authorization can never succeed

Have a look at the refactored rend_service_introduce() in 0.2.4.

We set auth_len to 0 at the start of the function. Nothing changes it later. But at the end of the function, we do:

  if (service->clients) {
    if (auth_len > 0) {
      if (rend_check_authorization(service, auth_data)) {
        log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid.");
      } else {
        log_info(LD_REND, "The authorization data that are contained in "
                 "the INTRODUCE2 cell are invalid. Dropping cell.");
        reason = END_CIRC_REASON_CONNECTFAILED;
        goto err;
      }
    } else {
      log_info(LD_REND, "INTRODUCE2 cell does not contain authentication "
               "data, but we require client authorization. Dropping cell.");
      reason = END_CIRC_REASON_CONNECTFAILED;
      goto err;
    }
  }

Since auth_len is always 0, we will always say that the introduce2 cell had no authorization data, and fail.

The commit 471ab340325 introduced this bug in 0.2.4.1-alpha.

Fortunately, this is a fail-closed bug: we are making all the auth fail, not succeed. Unfortunately, the fact that nobody has reported this would seem to indicate that nobody has tried using hidden service authentication with 0.2.4.x.

Spotted by Coverity; this is CID 718615. I've got a fix -- just a second.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information