Re: [tor-bugs] #30480 [Applications/rbm]: rbm should check that a signed tag object contains the expected tag name

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#30480: rbm should check that a signed tag object contains the expected tag name
-----------------------------------+------------------------------
 Reporter:  boklm                  |          Owner:  boklm
     Type:  task                   |         Status:  needs_review
 Priority:  Medium                 |      Milestone:
Component:  Applications/rbm       |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  TorBrowserTeam201905R  |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+------------------------------
Changes (by boklm):

 * status:  needs_revision => needs_review
 * keywords:  TorBrowserTeam201905 => TorBrowserTeam201905R


Comment:

 Replying to [comment:3 gk]:
 > I guess
 > {{{
 > +        return $1 if $l =~ m/^tag (.*)$/;
 > }}}
 > is assuming that the first such line showing up is the one we want and
 an attacker can't get to enter fake tag lines (like they can do with a
 commit message) before that? If so, could we add a comment here?

 The tag message is separated from the headers by an empty line, so we
 ignore anything after the first empty line. I added a comment saying that
 in branch `bug_30480_v3`:
 https://gitweb.torproject.org/user/boklm/rbm.git/commit/?h=bug_30480_v3&id=e04f03f9626e993bb66d7784d258f95ca07bc769

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30480#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs