diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-09-21 09:35:51 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-09-21 09:35:51 -0400 |
| commit | 2cadd93cea374664f151e945549b95f0b1f49b00 (patch) | |
| tree | 9dcaddada998f484d4f2663028f9f2530e76339a | |
| parent | 75b95e1c8e28e1136b5bc98fd89321e478f4b836 (diff) | |
| parent | 5b04392c1553e2a3e278a48f8d0e071181c0444f (diff) | |
| download | tor-2cadd93cea374664f151e945549b95f0b1f49b00.tar.gz tor-2cadd93cea374664f151e945549b95f0b1f49b00.zip | |
Merge branch 'maint-0.3.2' into maint-0.3.3
| -rw-r--r-- | changes/bug27316 | 3 | ||||
| -rw-r--r-- | src/or/protover.c | 17 | ||||
| -rw-r--r-- | src/test/test_protover.c | 4 |
3 files changed, 23 insertions, 1 deletions
diff --git a/changes/bug27316 b/changes/bug27316 new file mode 100644 index 0000000000..cec9348912 --- /dev/null +++ b/changes/bug27316 @@ -0,0 +1,3 @@ + o Minor bugfixes (protover): + - Reject protocol names containing bytes other than alphanumeric characters + and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix on 0.2.9.4-alpha. diff --git a/src/or/protover.c b/src/or/protover.c index 5145881ba9..a63c2eb02d 100644 --- a/src/or/protover.c +++ b/src/or/protover.c @@ -23,6 +23,7 @@ #define PROTOVER_PRIVATE +#include "compat.h" #include "or.h" #include "protover.h" #include "routerparse.h" @@ -178,6 +179,16 @@ parse_version_range(const char *s, const char *end_of_range, return -1; } +static int +is_valid_keyword(const char *s, size_t n) +{ + for (size_t i = 0; i < n; i++) { + if (!TOR_ISALNUM(s[i]) && s[i] != '-') + return 0; + } + return 1; +} + /** Parse a single protocol entry from <b>s</b> up to an optional * <b>end_of_entry</b> pointer, and return that protocol entry. Return NULL * on error. @@ -212,6 +223,11 @@ parse_single_entry(const char *s, const char *end_of_entry) MAX_PROTOCOL_NAME_LENGTH, escaped(out->name)); goto error; } + + /* The name must contain only alphanumeric characters and hyphens. */ + if (!is_valid_keyword(s, equals-s)) + goto error; + out->name = tor_strndup(s, equals-s); tor_assert(equals < end_of_entry); @@ -920,4 +936,3 @@ protover_free_all(void) } #endif /* !defined(HAVE_RUST) */ - diff --git a/src/test/test_protover.c b/src/test/test_protover.c index fb374c728b..026ae2ddd8 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c @@ -543,6 +543,10 @@ test_protover_vote_roundtrip(void *args) const char *input; const char *expected_output; } examples[] = { + { "Risqu\u00e9=1", NULL }, + { ",,,=1", NULL }, + { "\xc1=1", NULL }, + { "Foo_Bar=1", NULL }, { "Fkrkljdsf", NULL }, { "Zn=4294967295", NULL }, { "Zn=4294967295-1", NULL }, |