commit d9edf143abd05378246ebeadf0834d6ef57928fd
parent 085bf61a351a6fce94046afe68a17eda0b133606
Author: Nick Mathewson <nickm@torproject.org>
Date: Thu, 10 Jun 2021 08:42:15 -0400
Merge branch 'maint-0.4.6'
Diffstat:
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/changes/bug40391 b/changes/bug40391
@@ -0,0 +1,9 @@
+ o Major bugfixes (security):
+ - Resist a hashtable-based CPU denial-of-service attack against
+ relays. Previously we used a naive unkeyed hash function to look up
+ circuits in a circuitmux object. An attacker could exploit this to
+ construct circuits with chosen circuit IDs in order to try to create
+ collisions and make the hash table inefficient. Now we use a SipHash
+ construction for this hash table instead. Fixes bug 40391; bugfix on
+ 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.
+ Reported by Jann Horn from Google's Project Zero.
diff --git a/src/core/or/circuitmux.c b/src/core/or/circuitmux.c
@@ -169,9 +169,10 @@ chanid_circid_entries_eq(chanid_circid_muxinfo_t *a,
static inline unsigned int
chanid_circid_entry_hash(chanid_circid_muxinfo_t *a)
{
- return (((unsigned int)(a->circ_id) << 8) ^
- ((unsigned int)((a->chan_id >> 32) & 0xffffffff)) ^
- ((unsigned int)(a->chan_id & 0xffffffff)));
+ uint8_t data[8 + 4];
+ set_uint64(data, a->chan_id);
+ set_uint32(data + 8, a->circ_id);
+ return (unsigned) siphash24g(data, sizeof(data));
}
/* Emit a bunch of hash table stuff */
