
[tor-commits] [tor/master] dircache: make dirauths reject non UTF-8 descriptors and extrainfo



commit f874ab26401ca269074963697ddcad879b3b4e3a
Author: cypherpunks <cypherpunks@xxxxxxxxxxxxxx>
Date:   Wed Aug 29 08:49:10 2018 +0000

    dircache: make dirauths reject non UTF-8 descriptors and extrainfo
    
    Ticket #27367.
---
 changes/feature27367                |  4 ++++
 src/feature/dirauth/process_descs.c | 12 +++++++++---
 src/feature/dirauth/process_descs.h |  3 ++-
 src/feature/dircache/dircache.c     |  4 ++--
 4 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/changes/feature27367 b/changes/feature27367
new file mode 100644
index 000000000..99c083962
--- /dev/null
+++ b/changes/feature27367
@@ -0,0 +1,4 @@
+  o Minor features (parsing):
+    - Directory authorities now validate that router descriptors and ExtraInfo
+      documents are in a valid subset of UTF-8, and reject them if not.
+      Closes ticket 27367.
diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c
index c379f25bd..dca87b3ea 100644
--- a/src/feature/dirauth/process_descs.c
+++ b/src/feature/dirauth/process_descs.c
@@ -519,7 +519,8 @@ WRA_MORE_SEVERE(was_router_added_t a, was_router_added_t b)
 /** As for dirserv_add_descriptor(), but accepts multiple documents, and
  * returns the most severe error that occurred for any one of them. */
 was_router_added_t
-dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
+dirserv_add_multiple_descriptors(const char *desc, size_t desclen,
+                                 uint8_t purpose,
                                  const char *source,
                                  const char **msg)
 {
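Review bot: The doc comment above `dirserv_add_multiple_descriptors` is left unchanged although the function gains a `desclen` parameter and, in the next hunk, an all-or-nothing failure mode. It should state that `desclen` is the length of `desc` in bytes, and that the whole upload is rejected with `ROUTER_AUTHDIR_REJECTS` before any document is parsed when the buffer fails `string_is_utf8_no_bom`, so a single malformed document discards the valid ones sent with it. Suggested addition: `* <b>desclen</b> is the length of <b>desc</b> in bytes. If the buffer is not valid UTF-8 without a BOM, the whole upload is rejected without parsing any of it.` The function body continues outside this hunk.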
@@ -536,6 +537,11 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
 
   r=ROUTER_ADDED_SUCCESSFULLY; /*Least severe return value. */
 
+  if (!string_is_utf8_no_bom(desc, desclen)) {
+    *msg = "descriptor(s) or extrainfo(s) not valid UTF-8 or had BOM.";
+    return ROUTER_AUTHDIR_REJECTS;
+  }
+
   format_iso_time(time_buf, now);
   if (tor_snprintf(annotation_buf, sizeof(annotation_buf),
                    "@uploaded-at %s\n"
@@ -552,7 +558,7 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
 
   s = desc;
   list = smartlist_new();
-  if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
+  if (!router_parse_list_from_string(&s, s+desclen, list, SAVED_NOWHERE, 0, 0,
                                      annotation_buf, NULL)) {
     SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
         msg_out = NULL;
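Review bot: Passing `s+desclen` as the end pointer replaces the `NULL` the old call passed (presumably meaning "stop at the terminating NUL") with the caller-supplied length, both here and in the extrainfo pass in the following hunk. An upload containing a NUL byte before `desclen` would now be scanned past that byte, provided `string_is_utf8_no_bom` accepts U+0000, which this page does not show. Please confirm that `router_parse_list_from_string` and the per-document helpers honour the end pointer throughout rather than falling back to NUL-terminated string functions, and add a test upload with an embedded NUL. As a style point, `desc + desclen` states the bound without relying on `s` having just been assigned. The enclosing function starts and ends outside this hunk.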
@@ -568,7 +574,7 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
   smartlist_clear(list);
 
   s = desc;
-  if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 1, 0,
+  if (!router_parse_list_from_string(&s, s+desclen, list, SAVED_NOWHERE, 1, 0,
                                      NULL, NULL)) {
     SMARTLIST_FOREACH(list, extrainfo_t *, ei, {
         msg_out = NULL;
diff --git a/src/feature/dirauth/process_descs.h b/src/feature/dirauth/process_descs.h
index ad9d5c3d4..5a0914acd 100644
--- a/src/feature/dirauth/process_descs.h
+++ b/src/feature/dirauth/process_descs.h
@@ -17,7 +17,8 @@ void dirserv_free_fingerprint_list(void);
 int dirserv_add_own_fingerprint(crypto_pk_t *pk);
 
 enum was_router_added_t dirserv_add_multiple_descriptors(
-                                     const char *desc, uint8_t purpose,
+                                     const char *desc, size_t desclen,
+                                     uint8_t purpose,
                                      const char *source,
                                      const char **msg);
 enum was_router_added_t dirserv_add_descriptor(routerinfo_t *ri,
diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c
index 872a88018..930a8b87e 100644
--- a/src/feature/dircache/dircache.c
+++ b/src/feature/dircache/dircache.c
@@ -1608,8 +1608,8 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers,
     const char *msg = "[None]";
     uint8_t purpose = authdir_mode_bridge(options) ?
                       ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL;
-    was_router_added_t r = dirserv_add_multiple_descriptors(body, purpose,
-                                             conn->base_.address, &msg);
+    was_router_added_t r = dirserv_add_multiple_descriptors(body, body_len,
+                                           purpose, conn->base_.address, &msg);
     tor_assert(msg);
 
     if (r == ROUTER_ADDED_SUCCESSFULLY) {


