[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [snowflake/main] Validate client and proxy supplied strings
commit b35a79ac247e53ca0a2dd25625e083e9bba395fa
Author: Cecylia Bocovich <cohosh@xxxxxxxxxxxxxx>
Date: Wed Jan 12 10:53:58 2022 -0500
Validate client and proxy supplied strings
Malicious clients and proxies can provide potentially malicious strings
in the polls. This validates the NAT type and proxy type strings to
ensure that malformed strings are not displayed on a web page
or passed to any of our monitoring infrastructure.
If a client or proxy supplies an invalid NAT type, we return an error
message. If a proxy supplies an unknown proxy type, we set the proxy
type to unknown.
---
common/messages/client.go | 12 ++++++++++--
common/messages/messages_test.go | 2 +-
common/messages/proxy.go | 35 ++++++++++++++++++++++++++++++-----
3 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/common/messages/client.go b/common/messages/client.go
index b40c582..edb7115 100644
--- a/common/messages/client.go
+++ b/common/messages/client.go
@@ -6,6 +6,8 @@ package messages
import (
"encoding/json"
"fmt"
+
+ "git.torproject.org/pluggable-transports/snowflake.git/v2/common/nat"
)
const ClientVersion = "1.0"
@@ -73,8 +75,14 @@ func DecodeClientPollRequest(data []byte) (*ClientPollRequest, error) {
return nil, fmt.Errorf("no supplied offer")
}
- if message.NAT == "" {
- message.NAT = "unknown"
+ switch message.NAT {
+ case "":
+ message.NAT = nat.NATUnknown
+ case nat.NATUnknown:
+ case nat.NATRestricted:
+ case nat.NATUnrestricted:
+ default:
+ return nil, fmt.Errorf("invalid NAT type")
}
return &message, nil
diff --git a/common/messages/messages_test.go b/common/messages/messages_test.go
index abb978d..a38746b 100644
--- a/common/messages/messages_test.go
+++ b/common/messages/messages_test.go
@@ -22,7 +22,7 @@ func TestDecodeProxyPollRequest(t *testing.T) {
{
//Version 1.0 proxy message
"ymbcCMto7KHNGYlp",
- "",
+ "unknown",
"unknown",
0,
`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`,
diff --git a/common/messages/proxy.go b/common/messages/proxy.go
index 3817c04..83606d3 100644
--- a/common/messages/proxy.go
+++ b/common/messages/proxy.go
@@ -7,9 +7,18 @@ import (
"encoding/json"
"fmt"
"strings"
+
+ "git.torproject.org/pluggable-transports/snowflake.git/v2/common/nat"
)
-const version = "1.2"
+const (
+ version = "1.2"
+
+ ProxyStandalone = "standalone"
+ ProxyWebext = "webext"
+ ProxyBadge = "badge"
+ ProxyUnknown = "unknown"
+)
/* Version 1.2 specification:
@@ -116,12 +125,28 @@ func DecodePollRequest(data []byte) (sid string, proxyType string, natType strin
return
}
- natType = message.NAT
- if natType == "" {
- natType = "unknown"
+ switch message.NAT {
+ case "":
+ message.NAT = nat.NATUnknown
+ case nat.NATUnknown:
+ case nat.NATRestricted:
+ case nat.NATUnrestricted:
+ default:
+ err = fmt.Errorf("invalid NAT type")
+ return
+ }
+
+ // we don't reject polls with an unknown proxy type because we encourage
+ // projects that embed proxy code to include their own type
+ switch message.Type {
+ case ProxyStandalone:
+ case ProxyWebext:
+ case ProxyBadge:
+ default:
+ message.Type = ProxyUnknown
}
- return message.Sid, message.Type, natType, message.Clients, nil
+ return message.Sid, message.Type, message.NAT, message.Clients, nil
}
type ProxyPollResponse struct {
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits