[tor-bugs] #27316 [Core Tor/Tor]: protover.c accepts arbitrary bytes in protocol names
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Aug 25 19:18:59 UTC 2018
#27316: protover.c accepts arbitrary bytes in protocol names
-------------------------+-------------------------------------------------
     Reporter: cyberpunks    | Owner: (none)
         Type: defect        | Status: new
     Priority: Medium        | Milestone:
    Component: Core Tor/Tor  | Version: Tor: 0.2.9.4-alpha
     Severity: Normal        | Keywords: protover, 029-backport, 032-backport,
                             |   033-backport, 034-backport, unicode
Actual Points:               | Parent ID:
       Points:               | Reviewer:
      Sponsor:               |
-------------------------+-------------------------------------------------
[https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt dir-spec.txt]
defines a protocol name as a Keyword, and strictly limits what character
set is allowed in a Keyword:
{{{
Keyword = KeywordChar+
KeywordChar ::= 'A' ... 'Z' | 'a' ... 'z' | '0' ... '9' | '-'
}}}
But `"Foo_Bar=1"`, `",,,=1"`, and arbitrary Unicode strings like
`"Risqu\u00e9=1"` are accepted. Bytes that aren't even valid Unicode like
`"\xc1=1"` are also fine, as long as no bytes are the null byte, `=`, or
the space character.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27316>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
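
A strict check for the Keyword grammar quoted in the ticket, as an added example that is not Tor's protover.c code or a proposed patch. The function names are hypothetical and the sample list is constructed from the strings the ticket mentions.

```c
#include <stdio.h>
#include <string.h>

/* KeywordChar ::= 'A'...'Z' | 'a'...'z' | '0'...'9' | '-'
 * Explicit ASCII ranges on unsigned char: isalnum() is locale-dependent and
 * undefined for negative char values such as 0xc1 on signed-char platforms. */
static int is_keyword_char(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Keyword = KeywordChar+ : at least one character, all from the set. */
int keyword_is_valid(const char *s, size_t len)
{
    if (len == 0)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!is_keyword_char((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Check the name part of one "Name=Versions" entry of length len. */
int entry_name_is_valid(const char *entry, size_t len)
{
    const char *eq = memchr(entry, '=', len);
    return eq != NULL && keyword_is_valid(entry, (size_t)(eq - entry));
}

/* Count entries with a non-Keyword name in a space-separated list. */
int count_bad_names(const char *list)
{
    int bad = 0;
    while (*list) {
        size_t n = strcspn(list, " ");
        if (n > 0 && !entry_name_is_valid(list, n))
            bad++;
        list += n + (list[n] == ' ');
    }
    return bad;
}

int main(void)
{
    /* Constructed sample list using the names quoted in the ticket. */
    const char *sample = "Link=1-4 Foo_Bar=1 ,,,=1 Risqu\xc3\xa9=1 \xc1=1";
    printf("entries with invalid names: %d\n", count_bad_names(sample));
    return 0;
}
```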