[tor-bugs] #30428 [Core Tor/Tor]: sendme: Failure to validate authenticated SENDMEs client side
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 15 15:08:59 UTC 2019
#30428: sendme: Failure to validate authenticated SENDMEs client side
-------------------------------------------+-------------------------------
Reporter: dgoulet | Owner: dgoulet
Type: defect | Status: needs_review
Priority: Very High | Milestone: Tor:
| 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-circuit, sendme, 041-must | Actual Points:
Parent ID: #26288 | Points: 1
Reviewer: nickm | Sponsor: SponsorV
-------------------------------------------+-------------------------------
Changes (by dgoulet):
* status: needs_revision => needs_review
Comment:
Finally pushed the revision. I had to rebase on latest master since the
cpath layer was refactored to hide the `relay_crypto_t` object which
basically made this branch _not_ work and complicated conflict to resolve.
Thus the new PR.
With the chutney bidi branch from nickm, I confirm that this works
properly now (the `TIMEOUT = 3` needed to be changed to be able to
transfer more than 5MB).
The SENDME v0 also still works properly. And I've tested with a network
supporting and emitting only v1 with a client that only supports v0. And
vice versa with a network only v0 with a client doing v1.
PR: https://github.com/torproject/tor/pull/1026
Branch: `ticket30428_041_02`
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30428#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list