Re: [tor-bugs] #27316 [Core Tor/Tor]: protover.c accepts arbitrary bytes in protocol names

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#27316: protover.c accepts arbitrary bytes in protocol names
-------------------------------------------------+-------------------------
 Reporter:  cyberpunks                           |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.9.4-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  protover, 029-backport,              |  Actual Points:
  032-backport, 033-backport, 034-backport,      |
  unicode                                        |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * milestone:   => Tor: unspecified


Comment:

 Thanks for finding this bug.

 Replying to [ticket:27316 cyberpunks]:
 > [https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt dir-
 spec.txt] defines a protocol name as a Keyword, and strictly limits what
 character set is allowed in a Keyword:
 > {{{
 >     Keyword = KeywordChar+
 >     KeywordChar ::= 'A' ... 'Z' | 'a' ... 'z' | '0' ... '9' | '-'
 > }}}
 >
 > But `"Foo_Bar=1"`, `",,,=1"`, and arbitrary Unicode strings like
 `"Risqu\u00e9=1"` are accepted.

 We can safely reject descriptors, votes, and consensuses containing non-
 keyword characters.

 > Bytes that aren't even valid Unicode like `"\xc1=1"` are also fine, as
 long as no bytes are the null byte, `=`, or the space character.

 Tor doesn't do any Unicode checks on directory documents yet.
 (More precisely, when built without Rust, tor doesn't do any Unicode
 checks. When built with Rust, protover does Unicode checks.)
 Here's a proposal for consistently checking Unicode in directory
 documents:
 https://gitweb.torproject.org/torspec.git/tree/proposals/285-utf-8.txt

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27316#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs