[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [tor/master] Merge remote branch 'origin/maint-0.2.2'



commit f6a25a995ea120b4415058131a01bc69542280e9
Merge: 670ff24 a793f1f
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Jan 19 13:26:23 2011 -0500

    Merge remote branch 'origin/maint-0.2.2'

 changes/routerparse_maxima |    4 ++++
 src/or/routerparse.c       |   17 +++++++++++++++++
 2 files changed, 21 insertions(+), 0 deletions(-)

diff --combined src/or/routerparse.c
index 2bd370a,5ceb298..2e9f717
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@@ -70,6 -70,7 +70,6 @@@ typedef enum 
    K_V,
    K_W,
    K_M,
 -  K_EVENTDNS,
    K_EXTRA_INFO,
    K_EXTRA_INFO_DIGEST,
    K_CACHES_EXTRA_INFO,
@@@ -286,6 -287,7 +286,6 @@@ static token_rule_t routerdesc_token_ta
  
    T01("family",              K_FAMILY,              ARGS,    NO_OBJ ),
    T01("caches-extra-info",   K_CACHES_EXTRA_INFO,   NO_ARGS, NO_OBJ ),
 -  T01("eventdns",            K_EVENTDNS,            ARGS,    NO_OBJ ),
  
    T0N("opt",                 K_OPT,             CONCAT_ARGS, OBJ_OK ),
    T1( "bandwidth",           K_BANDWIDTH,           GE(3),   NO_OBJ ),
@@@ -1355,6 -1357,7 +1355,6 @@@ router_parse_entry_from_string(const ch
    tor_assert(tok->n_args >= 5);
  
    router = tor_malloc_zero(sizeof(routerinfo_t));
 -  router->country = -1;
    router->cache_info.routerlist_index = -1;
    router->cache_info.annotations_len = s-start_of_annotations + prepend_len;
    router->cache_info.signed_descriptor_len = end-s;
@@@ -1495,6 -1498,13 +1495,6 @@@
      router->contact_info = tor_strdup(tok->args[0]);
    }
  
 -  if ((tok = find_opt_by_keyword(tokens, K_EVENTDNS))) {
 -    router->has_old_dnsworkers = tok->n_args && !strcmp(tok->args[0], "0");
 -  } else if (router->platform) {
 -    if (! tor_version_as_new_as(router->platform, "0.1.2.2-alpha"))
 -      router->has_old_dnsworkers = 1;
 -  }
 -
    exit_policy_tokens = find_all_exitpolicy(tokens);
    if (!smartlist_len(exit_policy_tokens)) {
      log_warn(LD_DIR, "No exit policy tokens in descriptor.");
@@@ -1553,6 -1563,8 +1553,6 @@@
                              "router descriptor") < 0)
      goto err;
  
 -  routerinfo_set_country(router);
 -
    if (!router->or_port) {
      log_warn(LD_DIR,"or_port unreadable or 0. Failing.");
      goto err;
@@@ -1708,6 -1720,10 +1708,10 @@@ extrainfo_parse_entry_from_string(cons
  authority_cert_t *
  authority_cert_parse_from_string(const char *s, const char **end_of_string)
  {
+   /** Reject any certificate at least this big; it is probably an overflow, an
+    * attack, a bug, or some other nonsense. */
+ #define MAX_CERT_SIZE (128*1024)
+ 
    authority_cert_t *cert = NULL, *old_cert;
    smartlist_t *tokens = NULL;
    char digest[DIGEST_LEN];
@@@ -1735,6 -1751,12 +1739,12 @@@
    ++eos;
    len = eos - s;
  
+   if (len > MAX_CERT_SIZE) {
+     log_warn(LD_DIR, "Certificate is far too big (at %lu bytes long); "
+              "rejecting", (unsigned long)len);
+     return NULL;
+   }
+ 
    tokens = smartlist_create();
    area = memarea_new();
    if (tokenize_string(area,s, eos, tokens, dir_key_certificate_table, 0) < 0) {
@@@ -1942,7 -1964,6 +1952,7 @@@ routerstatus_parse_entry_from_string(me
  
    if (!consensus_method)
      flav = FLAV_NS;
 +  tor_assert(flav == FLAV_NS || flav == FLAV_MICRODESC);
  
    eos = find_start_of_next_routerstatus(*s);
  
@@@ -1955,16 -1976,15 +1965,16 @@@
      goto err;
    }
    tok = find_by_keyword(tokens, K_R);
 -  tor_assert(tok->n_args >= 7);
 +  tor_assert(tok->n_args >= 7); /* guaranteed by GE(7) in K_R setup */
    if (flav == FLAV_NS) {
      if (tok->n_args < 8) {
        log_warn(LD_DIR, "Too few arguments to r");
        goto err;
      }
 -  } else {
 -    offset = -1;
 +  } else if (flav == FLAV_MICRODESC) {
 +    offset = -1; /* There is no identity digest */
    }
 +
    if (vote_rs) {
      rs = &vote_rs->status;
    } else {
@@@ -2038,7 -2058,7 +2048,7 @@@
        else if (!strcmp(tok->args[i], "Fast"))
          rs->is_fast = 1;
        else if (!strcmp(tok->args[i], "Running"))
 -        rs->is_running = 1;
 +        rs->is_flagged_running = 1;
        else if (!strcmp(tok->args[i], "Named"))
          rs->is_named = 1;
        else if (!strcmp(tok->args[i], "Valid"))
@@@ -2140,16 -2160,6 +2150,16 @@@
          vote_rs->microdesc = line;
        }
      } SMARTLIST_FOREACH_END(t);
 +  } else if (flav == FLAV_MICRODESC) {
 +    tok = find_opt_by_keyword(tokens, K_M);
 +    if (tok) {
 +      tor_assert(tok->n_args);
 +      if (digest256_from_base64(rs->descriptor_digest, tok->args[0])) {
 +        log_warn(LD_DIR, "Error decoding microdescriptor digest %s",
 +                 escaped(tok->args[0]));
 +        goto err;
 +      }
 +    }
    }
  
    if (!strcasecmp(rs->nickname, UNNAMED_ROUTER_NICKNAME))
@@@ -3818,6 -3828,9 +3828,9 @@@ get_next_token(memarea_t *area
    /** Reject any object at least this big; it is probably an overflow, an
     * attack, a bug, or some other nonsense. */
  #define MAX_UNPARSED_OBJECT_SIZE (128*1024)
+   /** Reject any line at least this big; it is probably an overflow, an
+    * attack, a bug, or some other nonsense. */
+ #define MAX_LINE_LENGTH (128*1024)
  
    const char *next, *eol, *obstart;
    size_t obname_len;
@@@ -3837,6 -3850,10 +3850,10 @@@
    eol = memchr(*s, '\n', eos-*s);
    if (!eol)
      eol = eos;
+   if (eol - *s > MAX_LINE_LENGTH) {
+     RET_ERR("Line far too long");
+   }
+ 
    next = find_whitespace_eos(*s, eol);
  
    if (!strcmp_len(*s, "opt", next-*s)) {
@@@ -4324,7 -4341,7 +4341,7 @@@ microdescs_parse_from_string(const cha
      }
  
      if ((tok = find_opt_by_keyword(tokens, K_P))) {
 -      md->exitsummary = tor_strdup(tok->args[0]);
 +      md->exit_policy = parse_short_policy(tok->args[0]);
      }
  
      crypto_digest256(md->digest, md->body, md->bodylen, DIGEST_SHA256);