subject:"\[tor\-bugs\] #26214 \[Core Tor\/Tor\]\: Check stream SENDME against max"

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-07-02 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
---+
 Reporter:  mikeperry  |  Owner:  mikeperry
 Type:  defect | Status:  closed
 Priority:  Medium |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:  implemented
 Keywords:  tor-circuit, tor-cell  |  Actual Points:
Parent ID: | Points:
 Reviewer:  dgoulet|Sponsor:  SponsorV-can
---+
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => implemented


Comment:

 Backported to 0.3.4.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-06-21 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
---+
 Reporter:  mikeperry  |  Owner:  mikeperry
 Type:  defect | Status:  merge_ready
 Priority:  Medium |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-circuit, tor-cell  |  Actual Points:
Parent ID: | Points:
 Reviewer:  dgoulet|Sponsor:  SponsorV-can
---+

Comment (by nickm):

 Squashed as `mikeperry_bug26214-rebased_squashed`.  I'm merging this into
 master for now, to make sure it doesn't cause disaster on the network.  If
 it doesn't, let's merge to 0.3.4 as well.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-06-20 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
---+
 Reporter:  mikeperry  |  Owner:  mikeperry
 Type:  defect | Status:  merge_ready
 Priority:  Medium |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-circuit, tor-cell  |  Actual Points:
Parent ID: | Points:
 Reviewer:  dgoulet|Sponsor:  SponsorV-can
---+
Changes (by dgoulet):

 * status:  needs_review => merge_ready


Comment:

 lgtm;

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-06-19 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
---+
 Reporter:  mikeperry  |  Owner:  mikeperry
 Type:  defect | Status:  needs_review
 Priority:  Medium |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-circuit, tor-cell  |  Actual Points:
Parent ID: | Points:
 Reviewer:  dgoulet|Sponsor:  SponsorV-can
---+
Changes (by mikeperry):

 * status:  needs_revision => needs_review


Comment:

 Ok I responded to your comment on
 https://github.com/torproject/tor/pull/123, and added a new commit for the
 comment explaining why this change won't trigger against well-behaved
 clients.

 However, the branch now has conflicts, so I rebased it on top of
 maint-0.3.4 and created a new pull request:
 https://github.com/torproject/tor/pull/162 (The rust tests are failing but
 that is not because of me -- I only changed the comment and fixed a
 conflict... the other builds pass).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-06-08 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
---+
 Reporter:  mikeperry  |  Owner:  mikeperry
 Type:  defect | Status:  needs_revision
 Priority:  Medium |  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor   |Version:
 Severity:  Normal | Resolution:
 Keywords:  tor-circuit, tor-cell  |  Actual Points:
Parent ID: | Points:
 Reviewer:  dgoulet|Sponsor:  SponsorV-can
---+
Changes (by dgoulet):

 * status:  needs_review => needs_revision
 * keywords:   => tor-circuit, tor-cell


Comment:

 Quick question in the review. If you think it is OK, I would be for an
 extra comment that says why it is OK since this is a bit confusing.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-06-06 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:  dgoulet   |Sponsor:  SponsorV-can
--+
Changes (by dgoulet):

 * reviewer:   => dgoulet


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-05-27 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  SponsorV-can
--+
Changes (by mikeperry):

 * status:  needs_revision => needs_review


Comment:

 Ok fixed + added tests to cover this case. Same pull request.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-05-27 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  needs_revision
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  SponsorV-can
--+
Changes (by mikeperry):

 * status:  needs_review => needs_revision


Comment:

 Eep. Test failure.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-05-26 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:  SponsorV-can
--+
Changes (by mikeperry):

 * status:  assigned => needs_review


Comment:

 https://github.com/torproject/tor/pull/123

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

2018-05-26 Thread Tor Bug Tracker & Wiki

#26214: Check stream SENDME against max
--+
 Reporter:  mikeperry |  Owner:  mikeperry
 Type:  defect| Status:  assigned
 Priority:  Medium|  Milestone:  Tor: 0.3.4.x-final
Component:  Core Tor/Tor  |Version:
 Severity:  Normal|   Keywords:
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:  SponsorV-can  |
--+
 In connection_edge_process_relay_cell() under the RELAY_COMMAND_SENDME
 handling, we check the circuit-level sendme against the window START_MAX,
 but we do not check the stream level SENDME against any max

 This means that an attacker can send as many stream-level sendme's on a
 circuit as they like, inflating the stream window as large as they like.
 This might be a serious OOM bug, but the circuit level SENDME check should
 prevent that, I think.

 Even so, it would be nice to fix this in 0.3.4, so that the vanguards
 script's detection of invalid/dropped circuit data is more accurate.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

Re: [tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

[tor-bugs] #26214 [Core Tor/Tor]: Check stream SENDME against max

10 matches

Site Navigation

Mail list logo

Footer information