Commit 31eaa81f authored by Nick Mathewson's avatar Nick Mathewson
Browse files

Merge branch 'maint-0.3.5' into maint-0.4.4

parents 7c19a4d9 d71bf986
o Major bugfixes (security):
- Resist a hashtable-based CPU denial-of-service attack against
relays. Previously we used a naive unkeyed hash function to look up
circuits in a circuitmux object. An attacker could exploit this to
construct circuits with chosen circuit IDs in order to try to create
collisions and make the hash table inefficient. Now we use a SipHash
construction for this hash table instead. Fixes bug 40391; bugfix on This issue is also tracked as TROVE-2021-005.
Reported by Jann Horn from Google's Project Zero.
......@@ -169,9 +169,10 @@ chanid_circid_entries_eq(chanid_circid_muxinfo_t *a,
static inline unsigned int
chanid_circid_entry_hash(chanid_circid_muxinfo_t *a)
return (((unsigned int)(a->circ_id) << 8) ^
((unsigned int)((a->chan_id >> 32) & 0xffffffff)) ^
((unsigned int)(a->chan_id & 0xffffffff)));
uint8_t data[8 + 4];
set_uint64(data, a->chan_id);
set_uint32(data + 8, a->circ_id);
return (unsigned) siphash24g(data, sizeof(data));
/* Emit a bunch of hash table stuff */
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment