Re: [tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-06-13 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:  fixed
 Keywords:  circular-path, security-low, |  Actual Points:
  031-backport, 032-backport, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-
Changes (by nickm):

 * status:  merge_ready => closed
 * resolution:   => fixed


Comment:

 Merged to 0.3.1 and forward!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-06-12 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:
 |  merge_ready
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  circular-path, security-low, |  Actual Points:
  031-backport, 032-backport, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:  dgoulet  |Sponsor:
-+-
Changes (by dgoulet):

 * status:  needs_review => merge_ready
 * reviewer:  mikeperry => dgoulet


Comment:

 lgtm;

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-05-24 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  circular-path, security-low, |  Actual Points:
  031-backport, 032-backport, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by TBD.Chen):

 So that's it! Thank you for the explanation!
 I have seen the modification, I think it is enough to remove the hidden
 danger.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-05-24 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  circular-path, security-low, |  Actual Points:
  031-backport, 032-backport, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 Whoops, sorry -- my branches are in my personal repository at
 https://git.torproject.org/nickm/tor.git !

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-05-23 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  circular-path, security-low, |  Actual Points:
  031-backport, 032-backport, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by TBD.Chen):

 Replying to [comment:3 nickm]:
 > One-line fix in my branch `bug26158_031`; please review.
 Hi, I really want to review this, because this is my first bug found in my
 life, even it is not very serious. But I don't know how to check it. I
 clone the project through the code,
 {{{
 git clone -b bug26158_031 https://git.torproject.org/tor.git
 }}}
 but I can't find this branch, could you give me a url or teach me the
 method to find the branch.
 I am a new guy in this area :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-05-22 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  circular-path, security-low, |  Actual Points:
  031-backport, 032-backport, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by nickm):

 * status:  new => needs_review


Comment:

 One-line fix in my branch `bug26158_031`; please review.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-05-22 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  circular-path, security-low, |  Actual Points:
  031-backport, 032-backport, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by nickm):

 We may as well apply this fix as far back as possible; it's unlikely to
 cause any surprising side effects.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-05-21 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
-+-
 Reporter:  TBD.Chen |  Owner:  (none)
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:  Tor:
 |  0.3.4.x-final
Component:  Core Tor/Tor |Version:  Tor:
 |  0.3.0.1-alpha
 Severity:  Normal   | Resolution:
 Keywords:  circular-path, security-low, |  Actual Points:
  031-backport, 032-backport, 033-backport,  |
  034-backport   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by teor):

 * keywords:  circular-path =>
 circular-path, security-low, 031-backport, 032-backport, 033-backport,
 034-backport
 * version:  Tor: 0.3.2.10 => Tor: 0.3.0.1-alpha
 * milestone:  Tor: 0.3.2.x-final => Tor: 0.3.4.x-final


Comment:

 Thanks for reporting this issue!

 This is a bug in commit c837786 in 0.3.0.1-alpha.

 I've marked it as security-low, because since commit 592a439 in
 0.2.7.2-alpha, directory authorities pin relay ed25519 keys to RSA keys.
 This means that a relay in the consensus can't pass the RSA check, but
 fail the ed25519 check.

 (A client can't loop between two bridges using different keys, because RSA
 IDs are mandatory. When we stop making RSA IDs mandatory, we'll need to
 think carefully about this issue, and multiple ORPorts as well.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26158 [Core Tor/Tor]: A little bug of circular path of Tor

2018-05-21 Thread Tor Bug Tracker & Wiki 
#26158: A little bug of circular path of Tor
--+
 Reporter:  TBD.Chen  |  Owner:  (none)
 Type:  defect| Status:  new
 Priority:  Medium|  Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |Version:  Tor: 0.3.2.10
 Severity:  Normal|   Keywords:  circular-path
Actual Points:|  Parent ID:
   Points:|   Reviewer:
  Sponsor:|
--+
 In order to defend the **circular-path** attacks, Tor relays detects the
 next hop and  previous hop of a circuit through node-id and Ed25519-id.
 However, when the Tor relay detects the previous node has the same
 Ed25519-id with next node, it forgot to return -1, and continue to extend
 the circuit.
 This might cause some loopholes for the circular-path.
 {{{
   /* Next, check if we're being asked to connect to the hop that the
* extend cell came from. There isn't any reason for that, and it can
* assist circular-path attacks. */
   if (tor_memeq(ec.node_id,
 TO_OR_CIRCUIT(circ)->p_chan->identity_digest,
 DIGEST_LEN)) {
 log_fn(LOG_PROTOCO[[Image()]]L_WARN, LD_PROTOCOL,
"Client asked me to extend back to the previous hop.");
 return -1;
   }

   /* Check the previous hop Ed25519 ID too */
   if (! ed25519_public_key_is_zero(_pubkey) &&
   ed25519_pubkey_eq(_pubkey,
 _OR_CIRCUIT(circ)->p_chan->ed25519_identity)) {
 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Client asked me to extend back to the previous hop "
"(by Ed25519 ID).");
   }
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs