
commit 4c06c619faceb5d158a725d97fda45cadb2cf9c9
parent e2c1ac214c0ae77282709b50fb9fbdde50dd7a1f
Author: Nick Mathewson <nickm@torproject.org>
Date:   Tue, 18 May 2021 08:40:09 -0400

Use a more secure hash function for the circuitmux hashtable.

Fixes bug 40931; bugfix on 0.2.4.4-alpha. Also tracked as
TROVE-2021-005.

This issue was reported by Jann Horn from Google's Project Zero.

Diffstat:
Achanges/bug40391 | 9+++++++++
Msrc/core/or/circuitmux.c | 8++++----
2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/changes/bug40391 b/changes/bug40391
@@ -0,0 +1,9 @@
+ o Major bugfixes (security):
+ - Resist a hashtable-based CPU denial-of-service attack against
+ relays. Previously we used a naive unkeyed hash function to look up
+ circuits in a circuitmux object. An attacker could exploit this to
+ construct circuits with chosen circuit IDs in order to try to create
+ collisions and make the hash table inefficient. Now we use a SipHash
+ construction for this hash table instead. Fixes bug 40391; bugfix on
+ 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.
+ Reported by Jann Horn from Google's Project Zero.
diff --git a/src/core/or/circuitmux.c b/src/core/or/circuitmux.c
@@ -216,9 +216,10 @@ chanid_circid_entries_eq(chanid_circid_muxinfo_t *a,
 static inline unsigned int
 chanid_circid_entry_hash(chanid_circid_muxinfo_t *a)
 {
- return (((unsigned int)(a->circ_id) << 8) ^
- ((unsigned int)((a->chan_id >> 32) & 0xffffffff)) ^
- ((unsigned int)(a->chan_id & 0xffffffff)));
+ uint8_t data[8 + 4];
+ set_uint64(data, a->chan_id);
+ set_uint32(data + 8, a->circ_id);
+ return (unsigned) siphash24g(data, sizeof(data));
 }
 
 /* Declare the struct chanid_circid_muxinfo_map type */
@@ -1361,4 +1362,3 @@ circuitmux_compare_muxes, (circuitmux_t *cmux_1, circuitmux_t *cmux_2))
 return 0;
 }
 }
-
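Review bot: In chanid_circid_entry_hash the buffer is sized with the literal `8 + 4` and filled through set_uint64/set_uint32, so the hash input silently depends on chan_id being 64 bits and circ_id being 32 bits. If either field were ever widened, the extra bits would presumably be truncated out of the hash input, and entries differing only in those bits would always land in the same bucket. Declaring it as `uint8_t data[sizeof(a->chan_id) + sizeof(a->circ_id)];`, or adding a compile-time size assertion beside it, would make that coupling explicit. A short comment such as `/* circ_id is chosen by the peer, so this must stay a keyed hash (siphash24g), not a cheap bit-mix. */` would also keep the security rationale next to the code, where it currently lives only in the commit message and the changes file. Any existing doc comment above the function lies outside the hunk, so part of this may already be covered there.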