Commit d71bf986 authored by Nick Mathewson's avatar Nick Mathewson 🐻
Browse files

Merge branch 'bug40391_035' into maint-0.3.5

parents 7fdfc2ea 4c06c619
o Major bugfixes (security):
- Resist a hashtable-based CPU denial-of-service attack against
relays. Previously we used a naive unkeyed hash function to look up
circuits in a circuitmux object. An attacker could exploit this to
construct circuits with chosen circuit IDs in order to try to create
collisions and make the hash table inefficient. Now we use a SipHash
construction for this hash table instead. Fixes bug 40391; bugfix on
0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.
Reported by Jann Horn from Google's Project Zero.
......@@ -216,9 +216,10 @@ chanid_circid_entries_eq(chanid_circid_muxinfo_t *a,
static inline unsigned int
chanid_circid_entry_hash(chanid_circid_muxinfo_t *a)
{
return (((unsigned int)(a->circ_id) << 8) ^
((unsigned int)((a->chan_id >> 32) & 0xffffffff)) ^
((unsigned int)(a->chan_id & 0xffffffff)));
uint8_t data[8 + 4];
set_uint64(data, a->chan_id);
set_uint32(data + 8, a->circ_id);
return (unsigned) siphash24g(data, sizeof(data));
}
/* Declare the struct chanid_circid_muxinfo_map type */
......@@ -1361,4 +1362,3 @@ circuitmux_compare_muxes, (circuitmux_t *cmux_1, circuitmux_t *cmux_2))
return 0;
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment