[tor-bugs] #18938 [Core Tor/Tor]: Authorities should reject non-UTF-8 content in ExtraInfo descriptors
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 30 01:42:02 UTC 2018
#18938: Authorities should reject non-UTF-8 content in ExtraInfo descriptors
-------------------------------------------------+-------------------------
Reporter: teor | Owner: neel
Type: defect | Status:
| assigned
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: needs-proposal, tor-dirauth, needs- | Actual Points:
spec, easy, 034-triage-20180328, |
034-removed-20180328 |
Parent ID: #24033 | Points: 1
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by neel):
I have a few questions:
1. As prop285 already exists, I assume I don't need to make a proposal. Is
this correct?
2. Should I put this in `dirserv_add_extrainfo()`?
3. In extrainfo_t, should I check that cache_info.signed_descriptor_body
is UTF-8, and if it isn't, I should reject the descriptor?
4. I don't think there is any library for checking for UTF-8 text in Tor.
Can I include external library from GitHub (I am thinking about using
https://github.com/chansen/c-utf8-valid) and modify it to fit with Tor
(meaning including it in `src/ext`, not linking to another library an
adding a dependency)? Is there going to be a security issue with a third-
party library?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18938#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list