[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [bridgedb/master] Fix error in usage of redirectTo() with a malicious request.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [bridgedb/master] Fix error in usage of redirectTo() with a malicious request.
From: isis@xxxxxxxxxxxxxx
Date: Wed, 20 Dec 2017 23:10:05 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 20 Dec 2017 20:06:44 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Isis Lovecruft <isis@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 77776deaad380d9a48524c69533bf566a7a1406b
Author: Isis Lovecruft <isis@xxxxxxxxxxxxxx>
Date:   Tue Nov 28 19:43:10 2017 +0000

    Fix error in usage of redirectTo() with a malicious request.
    
     * FIXES #24460: https://bugs.torproject.org/24460
---
 bridgedb/distributors/https/server.py |  6 ++++--
 bridgedb/test/test_https_server.py    | 14 ++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/bridgedb/distributors/https/server.py b/bridgedb/distributors/https/server.py
index 352a838..d4771a6 100644
--- a/bridgedb/distributors/https/server.py
+++ b/bridgedb/distributors/https/server.py
@@ -410,8 +410,10 @@ class CaptchaProtectedResource(CustomErrorHandlingResource, CSPResource):
         try:
             challenge = request.args['captcha_challenge_field'][0]
             response = request.args['captcha_response_field'][0]
-        except Exception:  # pragma: no cover
-            return redirectTo(request.URLPath(), request)
+        except Exception as error:
+            logging.debug(("Client CAPTCHA solution to HTTPS distributor server"
+                           "didn't include correct HTTP arguments: %s" % error))
+            return redirectTo(type(b'')(request.URLPath()), request)
         return (challenge, response)
 
     def checkSolution(self, request):
diff --git a/bridgedb/test/test_https_server.py b/bridgedb/test/test_https_server.py
index dbd177f..13ec20e 100644
--- a/bridgedb/test/test_https_server.py
+++ b/bridgedb/test/test_https_server.py
@@ -372,6 +372,20 @@ class GimpCaptchaProtectedResourceTests(unittest.TestCase):
         self.assertEqual(challenge, expectedChallenge)
         self.assertEqual(response, expectedResponse)
 
+    def test_extractClientSolution_missing_arguments(self):
+        """A solution with missing arguments (the solution field) should
+        return a very agressive redirect to the originally requested,
+        CAPTCHA-protected page.
+        """
+        expectedChallenge = '23232323232323232323'
+
+        self.request.method = b'POST'
+        self.request.addArg('captcha_challenge_field', expectedChallenge)
+
+        response = self.captchaResource.extractClientSolution(self.request)
+
+        self.assertIn("click here", response)
+
     def test_checkSolution(self):
         """checkSolution() should return False is the solution is invalid."""
         expectedChallenge = '23232323232323232323'



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torspec/master] Add Ticket: field for prop#140.
Next by Author: [tor-commits] [torspec/master] prop#249: Add section on updates to required/recommended subprotocols.
Previous by thread: [tor-commits] [bridgedb/develop] Merge branch 'fix/24637' into develop
Next by thread: [tor-commits] [bridgedb/master] Merge branch 'fix/3015-remove-buckets' into develop
Index(es):
- Author
- Thread