Return-Path: <vitteaymeric@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 5F98FC59
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri,  8 Nov 2019 19:40:22 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com
	[209.85.128.49])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id C28A78A8
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri,  8 Nov 2019 19:40:20 +0000 (UTC)
Received: by mail-wm1-f49.google.com with SMTP id q70so7337064wme.1
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 08 Nov 2019 11:40:20 -0800 (PST)
X-Received: by 2002:a05:600c:2253:: with SMTP id
	a19mr9771599wmm.97.1573242019338; 
	Fri, 08 Nov 2019 11:40:19 -0800 (PST)
Received: from ?IPv6:2a01:cb1d:44:6500:9d6d:71b2:cb71:cb17?
	([2a01:cb1d:44:6500:9d6d:71b2:cb71:cb17])
	by smtp.googlemail.com with ESMTPSA id
	v10sm9760407wmg.48.2019.11.08.11.40.17
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 08 Nov 2019 11:40:18 -0800 (PST)
To: LORD HIS EXCELLENCY JAMES HRMH <willtech@live.com.au>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
	Luke Dashjr <luke@dashjr.org>
References: <201911081507.40441.luke@dashjr.org>
	<PS2P216MB0179D441FBC93122CDE5354D9D7B0@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
From: Aymeric Vitte <vitteaymeric@gmail.com>
Openpgp: preference=signencrypt
Message-ID: <b6ccd41b-3232-80d2-ab66-5ffa0f7abfac@gmail.com>
Date: Fri, 8 Nov 2019 20:40:17 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:60.0) Gecko/20100101
	Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <PS2P216MB0179D441FBC93122CDE5354D9D7B0@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
Content-Type: multipart/alternative;
	boundary="------------6BF0EE4CC9D5B8885EE8FEF4"
Content-Language: fr
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: "security@bitcoincore.org" <security@bitcoincore.org>
Subject: Re: [bitcoin-dev] CVE-2017-18350 disclosure
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Nov 2019 19:40:22 -0000

This is a multi-part message in MIME format.
--------------6BF0EE4CC9D5B8885EE8FEF4
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit

Sure, but what is questionable here is the use of SOCKS proxy, for Tor I
think as the main purpose, making it dangerous for the "whole bitcoin
world" while it's something like of zero interest/use (or please let me
know what it is beside Tor)

The Tor network is very centralized and not designed at all to handle
p2p networks (which bitcoin is still not), it is designed to be used via
the Tor Browser to browse the web and to hide web servers, not bitcoin
nodes, and there are a lot of misbehaving/dangerous nodes there, there
is no encryption in bitcoin protocol, an exit node can fake whatever it
likes, this seems to be a use case as far as I can see, but even if the
initiator is configured to connect to a hidden bitcoin node, I don't see
the point

I have advertised recently the open sourcing of node-Tor
(https://github.com/Ayms/node-Tor) here

This one is designed for p2p, not over the Tor network but using the Tor
protocol, as simple as bitcoin.pipe(node-Tor), or <any
protocol>.pipe(node-Tor), which is the finality of the project as far as
I see it since years (maybe see http://www.peersm.com/Convergence.pdf
even if I would modify some parts now)

Inside servers or browsers acting as servers also (WebRTC or
WebSockets), bitcoin peers (servers/browsers) relaying the bitcoin
anonymized protocol using the Tor protocol (and not the Tor network)
between each other, there is no story of exit nodes here and rdv points
would not apply for bitcoin use, this "just" adds the internal missing
encryption and anonymity layer to the bitcoin protocol

Personally I would remove the socks proxy interface from bitcoin core,
independently of Tor this can be misused too and offers absolutely zero
security


On 08/11/2019 at 18:03, LORD HIS EXCELLENCY JAMES HRMH via bitcoin-dev
wrote:
> It goes without saying in that all privately known CVE should be
> handled so professionally but, that is, well done team.
>
> Regards,
> LORD HIS EXCELLENCY JAMES HRMH
>
>
> ------------------------------------------------------------------------
> *From:* bitcoin-dev-bounces@lists.linuxfoundation.org
> <bitcoin-dev-bounces@lists.linuxfoundation.org> on behalf of Luke
> Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
> *Sent:* Saturday, 9 November 2019 2:07 AM
> *To:* bitcoin-dev@lists.linuxfoundation.org
> <bitcoin-dev@lists.linuxfoundation.org>
> *Cc:* security@bitcoincore.org <security@bitcoincore.org>
> *Subject:* [bitcoin-dev] CVE-2017-18350 disclosure
>  
> CVE-2017-18350 is a buffer overflow vulnerability which allows a malicious
> SOCKS proxy server to overwrite the program stack on systems with a signed
> `char` type (including common 32-bit and 64-bit x86 PCs).
>
> The vulnerability was introduced in 60a87bce873ce1f76a80b7b8546e83a0cd4e07a5
> (SOCKS5 support) and first released in Bitcoin Core v0.7.0rc1 in 2012 Aug 27.
> A fix was hidden in d90a00eabed0f3f1acea4834ad489484d0012372 ("Improve and
> document SOCKS code") released in v0.15.1, 2017 Nov 6.
>
> To be vulnerable, the node must be configured to use such a malicious proxy in
> the first place. Note that using *any* proxy over an insecure network (such
> as the Internet) is potentially a vulnerability since the connection could be
> intercepted for such a purpose.
>
> Upon a connection request from the node, the malicious proxy would respond
> with an acknowledgement of a different target domain name than the one
> requested. Normally this acknowledgement is entirely ignored, but if the
> length uses the high bit (ie, a length 128-255 inclusive), it will be
> interpreted by vulnerable versions as a negative number instead. When the
> negative number is passed to the recv() system call to read the domain name,
> it is converted back to an unsigned/positive number, but at a much wider size
> (typically 32-bit), resulting in an effectively infinite read into and beyond
> the 256-byte dummy stack buffer.
>
> To fix this vulnerability, the dummy buffer was changed to an explicitly
> unsigned data type, avoiding the conversion to/from a negative number.
>
> Credit goes to practicalswift (https://twitter.com/practicalswift) for
> discovering and providing the initial fix for the vulnerability, and Wladimir
> J. van der Laan for a disguised version of the fix as well as general cleanup
> to the at-risk code.
>
> Timeline:
> - 2012-04-01: Vulnerability introduced in PR #1141.
> - 2012-05-08: Vulnerability merged to master git repository.
> - 2012-08-27: Vulnerability published in v0.7.0rc1.
> - 2012-09-17: Vulnerability released in v0.7.0.
> ...
> - 2017-09-21: practicalswift discloses vulnerability to security team.
> - 2017-09-23: Wladimir opens PR #11397 to quietly fix vulnerability.
> - 2017-09-27: Fix merged to master git repository.
> - 2017-10-18: Fix merged to 0.15 git repository.
> - 2017-11-04: Fix published in v0.15.1rc1.
> - 2017-11-09: Fix released in v0.15.1.
> ...
> - 2019-06-22: Vulnerability existence disclosed to bitcoin-dev ML.
> - 2019-11-08: Vulnerability details disclosure to bitcoin-dev ML.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

-- 
Move your coins by yourself (browser version): https://peersm.com/wallet
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms


--------------6BF0EE4CC9D5B8885EE8FEF4--
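
The integer conversion described in the quoted CVE-2017-18350 disclosure, as an added example that is not part of the original thread and is not Bitcoin Core's code: it shows how a SOCKS5 domain-length byte of 128-255 turns into a huge size_t when held in a signed char, and a bounds-checked way to size a SOCKS5 reply (layout per RFC 1928) using unsigned bytes. All function names are hypothetical and the reply bytes are constructed; the parser works on an in-memory buffer instead of recv() so it runs offline.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Pre-fix pattern: the length byte lives in a signed char and is then
 * handed to a size_t parameter such as recv()'s len argument. */
size_t len_via_signed_char(unsigned char wire_byte)
{
    signed char c;
    memcpy(&c, &wire_byte, 1);  /* same bits the socket delivered */
    return (size_t)c;           /* 0x80..0xFF: negative, then huge */
}

/* Post-fix pattern: an unsigned byte keeps the value in 0..255. */
size_t len_via_unsigned_char(unsigned char wire_byte)
{
    return (size_t)wire_byte;
}

/* Bounds-checked size of a SOCKS5 reply:
 *   VER REP RSV ATYP BND.ADDR BND.PORT
 * Returns the total reply length in bytes, or -1 if the reply is
 * malformed or the supplied buffer is too short to contain it. */
long socks5_reply_length(const unsigned char *buf, size_t buflen)
{
    size_t addr_len, total;

    if (buflen < 4 || buf[0] != 0x05)      /* VER must be 5 */
        return -1;
    switch (buf[3]) {                      /* ATYP */
    case 0x01: addr_len = 4;  break;       /* IPv4 */
    case 0x04: addr_len = 16; break;       /* IPv6 */
    case 0x03:                             /* domain: 1 length byte + name */
        if (buflen < 5)
            return -1;
        addr_len = 1 + (size_t)buf[4];     /* unsigned: at most 1 + 255 */
        break;
    default:
        return -1;
    }
    total = 4 + addr_len + 2;              /* header + address + port */
    if (total > buflen)                    /* never read past the data held */
        return -1;
    return (long)total;
}

/* Builds a constructed domain-type reply with the given length byte and
 * name_bytes_present bytes of name actually present, then sizes it. */
long demo_reply(unsigned char len_byte, size_t name_bytes_present)
{
    unsigned char buf[4 + 1 + 255 + 2] = {0x05, 0x00, 0x00, 0x03, 0};

    if (name_bytes_present > 255)
        name_bytes_present = 255;
    buf[4] = len_byte;
    memset(buf + 5, 'a', name_bytes_present);
    return socks5_reply_length(buf, 5 + name_bytes_present + 2);
}

int main(void)
{
    printf("0x7f signed:   %zu\n", len_via_signed_char(0x7f));
    printf("0x80 signed:   %zu\n", len_via_signed_char(0x80));
    printf("0x80 unsigned: %zu\n", len_via_unsigned_char(0x80));
    printf("reply, len 0x80, complete:  %ld\n", demo_reply(0x80, 128));
    printf("reply, len 0x80, truncated: %ld\n", demo_reply(0x80, 10));
    return 0;
}
```

Compiling with -Wconversion and -Wsign-conversion flags the signed-to-size_t conversion that the first function performs on purpose.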