BridgeDB issueshttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues2022-03-01T17:36:51Zhttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40021Some CollecTor bridge pool assignment files are empty2022-03-01T17:36:51ZCecylia BocovichSome CollecTor bridge pool assignment files are emptyI was helping a friend debug some weird bridge churn results for a research project, and noticed that some of CollecTor's bridge pool assignment data files are empty. See for example the file for the timestamp `2021-06-11-19-30-05` retri...I was helping a friend debug some weird bridge churn results for a research project, and noticed that some of CollecTor's bridge pool assignment data files are empty. See for example the file for the timestamp `2021-06-11-19-30-05` retrievable from https://collector.torproject.org/archive/bridge-pool-assignments/bridge-pool-assignments-2021-06.tar.xz.
I'm not sure if this is a bug on the BridgeDB side or the CollecTor side, but it appears to happen regularly (about once a month, near the middle of the month). So we should do an initial investigation on our end and then contact the metrics team if we think this is a CollecTor bug.https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/40015eomReceived sometimes called on message with NoneType2022-05-19T09:21:39ZCecylia BocovicheomReceived sometimes called on message with NoneTypeI noticed this output when deploying BridgeDB. From what I can tell emails still work, I don't think this is a high priority bug right now, but it is definitely a bug.
```
Unhandled Error
Traceback (most recent call last):
File "/home...I noticed this output when deploying BridgeDB. From what I can tell emails still work, I don't think this is a high priority bug right now, but it is definitely a bug.
```
Unhandled Error
Traceback (most recent call last):
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/python/log.py", line 101, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/python/log.py", line 85, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/python/context.py", line 83, in callWithContext
return func(*args, **kw)
--- <exception caught here> ---
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/internet/posixbase.py", line 687, in _doReadOrWrite
why = selectable.doRead()
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/internet/tcp.py", line 246, in doRead
return self._dataReceived(data)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/internet/tcp.py", line 251, in _dataReceived
rval = self.protocol.dataReceived(data)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/protocols/basic.py", line 439, in dataReceived
self.lineReceived(line)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/mail/smtp.py", line 501, in lineReceived
return getattr(self, "state_" + self.mode)(line)
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/mail/smtp.py", line 748, in dataLineReceived
[m.eomReceived() for m in self.__messages], consumeErrors=True
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/twisted/mail/smtp.py", line 748, in <listcomp>
[m.eomReceived() for m in self.__messages], consumeErrors=True
File "/home/bridgedb/virtualenvs/bridgedb/lib/python3.7/site-packages/bridgedb-0.12.2+0.gee08b6b1.dirty-py3.7.egg/bridgedb/distributors/email/server.py", line 235, in eomReceived
if self.message.is_multipart():
builtins.AttributeError: 'NoneType' object has no attribute 'is_multipart'
```https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/19997BridgeDB's get-tor-exits script doesn't account for IPv62022-03-01T17:35:40ZIsis LovecruftBridgeDB's get-tor-exits script doesn't account for IPv6As Arlo pointed out [on the tor-dev mailing list](https://lists.torproject.org/pipermail/tor-dev/2016-August/011318.html), the `exit-addresses` script running on check.torproject.org doesn't include IPv6 exit addresses, making anything t...As Arlo pointed out [on the tor-dev mailing list](https://lists.torproject.org/pipermail/tor-dev/2016-August/011318.html), the `exit-addresses` script running on check.torproject.org doesn't include IPv6 exit addresses, making anything that relies upon the list unreliable. BridgeDB's `scripts/get-tor-exits` downloads the output of `exit-addresses`, and uses it to treat clients using Tor to request bridges as coming from the same address. Not taking IPv6 addresses into account will allow an adversary to use IPv6-capable tor exits to get additional bridges during a time period.
Some new script should be written to generate a list of IPv6 (optionally also IPv4 addresses, so that everything is in one document) exit addresses to fix this issue.https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/12627canonicalFromSMTP is not what we think it should be2022-03-01T17:35:41ZMatthew FinkelcanonicalFromSMTP is not what we think it should be```
13:29:04 INFO L568:autoresponder.reply() Got an email; deciding whether to reply.
13:29:04 DEBUG L606:autoresponder.runCheck() Canonicalizing client email domain...
13:29:04 DEBUG L613:autoresponder.runCheck() Canonical ...```
13:29:04 INFO L568:autoresponder.reply() Got an email; deciding whether to reply.
13:29:04 DEBUG L606:autoresponder.runCheck() Canonicalizing client email domain...
13:29:04 DEBUG L613:autoresponder.runCheck() Canonical email domain: gmail.com
13:29:04 ERROR L620:autoresponder.runCheck() SMTP/Email canonical domain mismatch! ponticum vs gmail.com
```
The last line is generated by:
```
# The canonical domains from the SMTP ``MAIL FROM:`` and the email
# ``From:`` header should match:
if self.incoming.canonicalFromSMTP != canonicalFromEmail:
logging.error("SMTP/Email canonical domain mismatch!")
return False
```
and canonicalFromSMTP is provided by SMTPMessage().
I'm hotfixing it for now.meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/12089BridgedDB can be forced to email arbitrary email addresses2022-03-01T17:35:40ZIsis LovecruftBridgedDB can be forced to email arbitrary email addressesSee legacy/trac#12086.
From [this commit message](https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/4c18a4e2b89872c5731d4301665642065980086e) for [this unittest](https://gitweb.torproject.org/user/isis/bridgedb.git/blob/4c...See legacy/trac#12086.
From [this commit message](https://gitweb.torproject.org/user/isis/bridgedb.git/commitdiff/4c18a4e2b89872c5731d4301665642065980086e) for [this unittest](https://gitweb.torproject.org/user/isis/bridgedb.git/blob/4c18a4e2b89872c5731d4301665642065980086e:/lib/bridgedb/test/test_email_server.py#l326):
> BridgeDB will accept an email from an arbitrary gmail/yahoo email address at the SMTP layer, and then send the reply to a *different* arbitrary gmail/yahoo email address taken from the contents of the email headers.
>
> As you can see in the example...
(in the ticket description of legacy/trac#12086)
> the SMTP command
>
> {{{
> MAIL FROM: isisgrimalkin@gmail.com
> }}}
>
> combined with a `'From: isislovecruft@gmail.com'` in the email headers within the SMTP `DATA` segment caused the reply to be sent the reply to the later, when it came from the former.
While this was done quick-and-dirty with netcat, it's probably possible to configure msmtp to send a the same SMTP commands/info with embedded email headers still specifying an arbitrary email address, such that Gmail/Yahoo would produce a valid DKIM signature for it and pass it along to BridgeDB. (And thus the issue isn't merely that DKIM verification appears to be broken, but the issue is that we're not checking that source of an incoming email matches the destination of the response.)
> In addition, the person reading such a unsolicited response from BridgeDB also has no way to know who originally emailed BridgeDB to cause this email to end up in her inbox in the first place.
>
> I'm not exactly certain if this is a bug or a feature. While it could be used for sending some junk to an arbitrary gmail/yahoo address, it could also be used as a sort of
>
> "Dear BridgeDB, can I have some bridges? Asking for a friend."
>
> mechanism.
I'm guessing that we're likely to see more use of it for the former, more malicious activity than the latter benevolent one, and so we should probably consider this a pretty serious bug.
-----------------------------------------------------------------------------
Side note:
All the bugs found with that unittest were present in older versions of BridgeDB, and possibly have always been present, and they don't appear to be resultant from my recent rewrite of the email servers ([as sysrqb noted](https://trac.torproject.org/projects/tor/ticket/5463#comment:21), my rewrite retained portions of the old codebase). I just wanted to point that out so that I'm not blamed for introducing them. Unfortunately, I didn't catch this while staring at the code for several hours. (But hiphiphooray for unittests! :D )meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/10802Getting bridges only for port 80,4432022-07-24T17:07:58ZTracGetting bridges only for port 80,443I am running TBB behind a corporate proxy that only allows traffic to port 80 and 443. When I get new bridges from https://bridges.torproject.org they are mostly running on ports that are blocked for me. It would be good to have a checkb...I am running TBB behind a corporate proxy that only allows traffic to port 80 and 443. When I get new bridges from https://bridges.torproject.org they are mostly running on ports that are blocked for me. It would be good to have a checkbox "80,443" on the page that would allow to only get bridges with port 80, 443.
Thanks,
Torland
**Trac**:
**Username**: torland