changes/bug20012 0 → 100644 +12 −0 o Major bugfixes (hidden services): - Clients require hidden services to include the TAP keys for their intro points in the hidden service descriptor. This prevents an inadvertent upgrade to ntor, which a malicious hidden service could use to discover which consensus a client has. Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor. o Minor bugfixes (hidden services): - Stop logging intro point details to the client log on certain error conditions. Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
src/or/rendclient.c +8 −33
@@ -1373,41 +1373,16 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry, smartlist_del(usable_nodes, i); goto again; } /* Do we need to look up the router or is the extend info complete? */ /* All version 2 HS descriptors come with a TAP onion key. * Clients used to try to get the TAP onion key from the consensus, but this * meant that hidden services could discover which consensus clients have. */ if (!extend_info_supports_tap(intro->extend_info)) { const node_t *node; extend_info_t *new_extend_info; if (tor_digest_is_zero(intro->extend_info->identity_digest)) node = node_get_by_hex_id(intro->extend_info->nickname); else node = node_get_by_id(intro->extend_info->identity_digest); if (!node) { log_info(LD_REND, "Unknown router with nickname '%s'; trying another.", intro->extend_info->nickname); log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the " "intro-point relay '%s'; trying another.", safe_str_client(extend_info_describe(intro->extend_info))); smartlist_del(usable_nodes, i); goto again; } #ifdef ENABLE_TOR2WEB_MODE new_extend_info = extend_info_from_node(node, options->Tor2webMode); #else new_extend_info = extend_info_from_node(node, 0); #endif if (!new_extend_info) { const char *alternate_reason = ""; #ifdef ENABLE_TOR2WEB_MODE alternate_reason = ", or we cannot connect directly to it"; #endif log_info(LD_REND, "We don't have a descriptor for the intro-point relay " "'%s'%s; trying another.", extend_info_describe(intro->extend_info), alternate_reason); smartlist_del(usable_nodes, i); goto again; } else { extend_info_free(intro->extend_info); intro->extend_info = new_extend_info; } tor_assert(intro->extend_info != NULL); } /* Check if we should refuse to talk to this router. */ if (strict && routerset_contains_extendinfo(options->ExcludeNodes,
changes/bug20012 0 → 100644 +12 −0 o Major bugfixes (hidden services): - Clients require hidden services to include the TAP keys for their intro points in the hidden service descriptor. This prevents an inadvertent upgrade to ntor, which a malicious hidden service could use to discover which consensus a client has. Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor. o Minor bugfixes (hidden services): - Stop logging intro point details to the client log on certain error conditions. Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
src/or/rendclient.c +8 −33
@@ -1373,41 +1373,16 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry, smartlist_del(usable_nodes, i); goto again; } /* Do we need to look up the router or is the extend info complete? */ /* All version 2 HS descriptors come with a TAP onion key. * Clients used to try to get the TAP onion key from the consensus, but this * meant that hidden services could discover which consensus clients have. */ if (!extend_info_supports_tap(intro->extend_info)) { const node_t *node; extend_info_t *new_extend_info; if (tor_digest_is_zero(intro->extend_info->identity_digest)) node = node_get_by_hex_id(intro->extend_info->nickname); else node = node_get_by_id(intro->extend_info->identity_digest); if (!node) { log_info(LD_REND, "Unknown router with nickname '%s'; trying another.", intro->extend_info->nickname); log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the " "intro-point relay '%s'; trying another.", safe_str_client(extend_info_describe(intro->extend_info))); smartlist_del(usable_nodes, i); goto again; } #ifdef ENABLE_TOR2WEB_MODE new_extend_info = extend_info_from_node(node, options->Tor2webMode); #else new_extend_info = extend_info_from_node(node, 0); #endif if (!new_extend_info) { const char *alternate_reason = ""; #ifdef ENABLE_TOR2WEB_MODE alternate_reason = ", or we cannot connect directly to it"; #endif log_info(LD_REND, "We don't have a descriptor for the intro-point relay " "'%s'%s; trying another.", extend_info_describe(intro->extend_info), alternate_reason); smartlist_del(usable_nodes, i); goto again; } else { extend_info_free(intro->extend_info); intro->extend_info = new_extend_info; } tor_assert(intro->extend_info != NULL); } /* Check if we should refuse to talk to this router. */ if (strict && routerset_contains_extendinfo(options->ExcludeNodes,
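Review bot: The branch under `if (!extend_info_supports_tap(intro->extend_info))` reports the skipped intro point with `log_info`, like a routine retry, although the comment directly above says every version 2 descriptor comes with a TAP onion key, so reaching it means the descriptor is malformed or was crafted by the service. Reporting it as a protocol violation, `log_fn(LOG_PROTOCOL_WARN, LD_REND, ...)` with the same message and the same `safe_str_client()` argument, would make such descriptors visible to anyone who enables protocol warnings. The comment could also spell out the rule for later editors, for example `* Never fill in a missing key from local directory state here; skip the intro point instead.` rend_client_get_random_intro_impl starts and ends outside the hunk, so what the caller does when every intro point is skipped this way is not visible here.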