[tor-bugs] #8207 [Tor]: Hidden service authorization can never succeed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 11 20:44:54 UTC 2013
#8207: Hidden service authorization can never succeed
--------------------+-------------------------------------------------------
 Reporter:  nickm   |          Owner:
     Type:  defect  |         Status:  new
 Priority:  major   |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor     |        Version:  Tor: 0.2.4.1-alpha
 Keywords:  tor-hs  |         Parent:
   Points:          |   Actualpoints:
--------------------+-------------------------------------------------------
Have a look at the refactored rend_service_introduce() in 0.2.4.
We set auth_len to 0 at the start of the function. Nothing changes it
later. But at the end of the function, we do:
{{{
if (service->clients) {
  if (auth_len > 0) {
    if (rend_check_authorization(service, auth_data)) {
      log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid.");
    } else {
      log_info(LD_REND, "The authorization data that are contained in "
               "the INTRODUCE2 cell are invalid. Dropping cell.");
      reason = END_CIRC_REASON_CONNECTFAILED;
      goto err;
    }
  } else {
    log_info(LD_REND, "INTRODUCE2 cell does not contain authentication "
             "data, but we require client authorization. Dropping cell.");
    reason = END_CIRC_REASON_CONNECTFAILED;
    goto err;
  }
}
}}}
Since auth_len is always 0, we will always say that the introduce2 cell
had no authorization data, and fail.
The commit 471ab340325 introduced this bug in 0.2.4.1-alpha.
Fortunately, this is a fail-closed bug: we are making all the auth fail,
not succeed. Unfortunately, the fact that nobody has reported this would
seem to indicate that nobody has tried using hidden service authentication
with 0.2.4.x.
Spotted by Coverity; this is CID 718615. I've got a fix -- just a second.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8207>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
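
Added example, not part of the original ticket and not Tor's code or its fix: a simplified C model of the stale-length pattern described above, next to an assumed correction that reads the length from the parsed cell, with the positive-path check that would have caught the regression. All type names, function names and sample cookies are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model with hypothetical names; these are not Tor's types. */
#define COOKIE_LEN 16
enum { INTRO_ACCEPT = 0, INTRO_DROP_NO_AUTH = -1, INTRO_DROP_BAD_AUTH = -2 };
typedef struct { int requires_auth; unsigned char cookie[COOKIE_LEN]; } service_t;
typedef struct { const unsigned char *auth_data; size_t auth_len; } parsed_intro_t;
typedef int (*intro_fn)(const service_t *, const parsed_intro_t *);

/* Constructed sample data: a service cookie, a matching and a wrong credential. */
static const service_t SVC = { 1, {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16} };
const unsigned char GOOD[COOKIE_LEN] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
const unsigned char BAD[COOKIE_LEN]  = {9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9};

/* Compare without an early exit so timing does not depend on the match. */
static int check_authorization(const service_t *s, const unsigned char *d, size_t len) {
  unsigned char diff = 0;
  size_t i;
  if (len != COOKIE_LEN) return 0;
  for (i = 0; i < COOKIE_LEN; i++) diff |= (unsigned char)(s->cookie[i] ^ d[i]);
  return diff == 0;
}

/* Same decision shape as the snippet in the ticket. */
static int decide(const service_t *s, const unsigned char *data, size_t auth_len) {
  if (!s->requires_auth) return INTRO_ACCEPT;
  if (auth_len == 0) return INTRO_DROP_NO_AUTH;
  return check_authorization(s, data, auth_len) ? INTRO_ACCEPT : INTRO_DROP_BAD_AUTH;
}

/* Pattern from the ticket: the local length starts at 0 and is never updated. */
int introduce_stale_len(const service_t *s, const parsed_intro_t *p) {
  size_t auth_len = 0;
  return decide(s, p->auth_data, auth_len);
}

/* Assumed correction: take the length from what the parser recorded. */
int introduce_parsed_len(const service_t *s, const parsed_intro_t *p) {
  size_t auth_len = p->auth_data ? p->auth_len : 0;
  return decide(s, p->auth_data, auth_len);
}

/* Run one introduction against the auth-requiring sample service. */
int run_case(intro_fn fn, const unsigned char *data, size_t len) {
  parsed_intro_t p;
  p.auth_data = data;
  p.auth_len = len;
  return fn(&SVC, &p);
}

int main(void) {
  printf("stale=%d parsed=%d\n", run_case(introduce_stale_len, GOOD, COOKIE_LEN),
         run_case(introduce_parsed_len, GOOD, COOKIE_LEN));
  return 0;
}
```

The stale-length variant never accepts for a service that requires authorization, which is why the defect fails closed; only a test that presents a valid credential and expects acceptance exposes it.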