[tor-bugs] #27316 [Core Tor/Tor]: protover.c accepts arbitrary bytes in protocol names
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Aug 25 21:35:17 UTC 2018
#27316: protover.c accepts arbitrary bytes in protocol names
-------------------------------------------------+-------------------------
Reporter: cyberpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version: Tor:
| 0.2.9.4-alpha
Severity: Normal | Resolution:
Keywords: protover, 029-backport, | Actual Points:
032-backport, 033-backport, 034-backport, |
unicode |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* milestone: => Tor: unspecified
Comment:
Thanks for finding this bug.
Replying to [ticket:27316 cyberpunks]:
> [https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt dir-
spec.txt] defines a protocol name as a Keyword, and strictly limits what
character set is allowed in a Keyword:
> {{{
> Keyword = KeywordChar+
> KeywordChar ::= 'A' ... 'Z' | 'a' ... 'z' | '0' ... '9' | '-'
> }}}
>
> But `"Foo_Bar=1"`, `",,,=1"`, and arbitrary Unicode strings like
`"Risqu\u00e9=1"` are accepted.
We can safely reject descriptors, votes, and consensuses containing non-
keyword characters.
> Bytes that aren't even valid Unicode like `"\xc1=1"` are also fine, as
long as no bytes are the null byte, `=`, or the space character.
Tor doesn't do any Unicode checks on directory documents yet.
(More precisely, when built without Rust, tor doesn't do any Unicode
checks. When built with Rust, protover does Unicode checks.)
Here's a proposal for consistently checking Unicode in directory
documents:
https://gitweb.torproject.org/torspec.git/tree/proposals/285-utf-8.txt
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27316#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list