authorDavid Goulet <dgoulet@torproject.org>2021-10-19 09:48:13 -0400
committerDavid Goulet <dgoulet@torproject.org>2021-10-19 09:48:13 -0400
commitf748a497c7735cd7adb7982aca4fec8775196e23 (patch)
treeb71171567d2eb7d43261ab93a38695c2b32cb3c9
parentce5b240c19fed8109578fb9143f023af1daca0a5 (diff)
parentdb297a177edc8aba9334d6b3b525604d9b0f87a2 (diff)
downloadtor-f748a497c7735cd7adb7982aca4fec8775196e23.tar.gz
tor-f748a497c7735cd7adb7982aca4fec8775196e23.zip
Merge branch 'ticket40476_045_01' into ticket40476_046_01
-rw-r--r--changes/ticket404768
-rw-r--r--src/core/or/connection_edge.c28
-rw-r--r--src/feature/dircache/dircache.c2
-rw-r--r--src/feature/hs/hs_config.c8
-rw-r--r--src/test/test_hs_common.c10
-rw-r--r--src/test/test_hs_config.c2
6 files changed, 22 insertions, 36 deletions
diff --git a/changes/ticket40476 b/changes/ticket40476
new file mode 100644
index 0000000000..062e36f9bc
--- /dev/null
+++ b/changes/ticket40476
@@ -0,0 +1,8 @@
+ o Major feature (onion service v2):
+ - Tor does NOT allow anymore to create v2 services, to connect as a client
+ to a v2 service and for a relay to be a v2 HSDir or introduction point.
+ This effectively disable onion service version 2 tor wide. Closes 40476.
+ - The control port command HSFETCH and HSPOST don't allow version 2 as well.
+ It is also not possible to create a v2 service with ADD_ONION.
+ - See https://blog.torproject.org/v2-deprecation-timeline for details on
+ how to transition from v2 to v3.
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index d3979b3a7e..60a2f88ccb 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1612,23 +1612,6 @@ consider_plaintext_ports(entry_connection_t *conn, uint16_t port)
return 0;
}
-/** Return true iff <b>query</b> is a syntactically valid service ID (as
- * generated by rend_get_service_id). */
-static int
-rend_valid_v2_service_id(const char *query)
-{
- /** Length of 'y' portion of 'y.onion' URL. */
-#define REND_SERVICE_ID_LEN_BASE32 16
-
- if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
- return 0;
-
- if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
- return 0;
-
- return 1;
-}
-
/** Parse the given hostname in address. Returns true if the parsing was
* successful and type_out contains the type of the hostname. Else, false is
* returned which means it was not recognized and type_out is set to
@@ -1692,14 +1675,6 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
if (q != address) {
memmove(address, q, strlen(q) + 1 /* also get \0 */);
}
- /* v2 onion address check. */
- if (strlen(query) == REND_SERVICE_ID_LEN_BASE32) {
- *type_out = ONION_V2_HOSTNAME;
- if (rend_valid_v2_service_id(query)) {
- goto success;
- }
- goto failed;
- }
/* v3 onion address check. */
if (strlen(query) == HS_SERVICE_ADDR_LEN_BASE32) {
@@ -1719,8 +1694,7 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
failed:
/* otherwise, return to previous state and return 0 */
*s = '.';
- const bool is_onion = (*type_out == ONION_V2_HOSTNAME) ||
- (*type_out == ONION_V3_HOSTNAME);
+ const bool is_onion = (*type_out == ONION_V3_HOSTNAME);
log_warn(LD_APP, "Invalid %shostname %s; rejecting",
is_onion ? "onion " : "",
safe_str_client(address));
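Review bot: A 16-character v2 address that reaches `failed:` is now presumably logged as a plain "Invalid hostname", because `is_onion` is true only for `ONION_V3_HOSTNAME` and the v2 branch removed in the previous hunk was what set `ONION_V2_HOSTNAME`. Someone reading the warning gets no hint that the name was a retired v2 onion address rather than a typo. A comment at the `is_onion` line would record that this is intended, e.g. `/* v2 addresses are no longer recognized and are reported as a generic invalid hostname. */`, or the v2 length could get its own warning text if that distinction matters. What `*type_out` holds on this path is decided outside the hunk, so this is inferred from the visible lines; parse_extended_hostname starts and ends outside the hunk.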
diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c
index 7fdb1bc70f..7319b96caf 100644
--- a/src/feature/dircache/dircache.c
+++ b/src/feature/dircache/dircache.c
@@ -1569,6 +1569,8 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers,
char *url = NULL;
const or_options_t *options = get_options();
+ (void) body_len;
+
log_debug(LD_DIRSERV,"Received POST command.");
conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
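Review bot: The added `(void) body_len;` carries no comment saying why the parameter is no longer read, so a later reader cannot tell whether the length check was dropped on purpose. If the only consumer was the removed v2 descriptor upload path (not visible here), say so next to the cast, e.g. `/* body_len was only used by the v2 descriptor upload path, which is gone. */`. It is also worth confirming that the remaining POST handlers in this function do not rely on a separate length for `body`. The function body continues outside the hunk.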
diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c
index 68ed932701..73f9176186 100644
--- a/src/feature/hs/hs_config.c
+++ b/src/feature/hs/hs_config.c
@@ -159,8 +159,12 @@ static bool
check_value_oob(int i, const char *name, int low, int high)
{
if (i < low || i > high) {
- log_warn(LD_CONFIG, "%s must be between %d and %d, not %d.",
- name, low, high, i);
+ if (low == high) {
+ log_warn(LD_CONFIG, "%s must be %d, not %d.", name, low, i);
+ } else {
+ log_warn(LD_CONFIG, "%s must be between %d and %d, not %d.",
+ name, low, high, i);
+ }
return true;
}
return false;
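Review bot: The new `low == high` branch in check_value_oob has no comment explaining when a range collapses to a single value, and the exact wording is now pinned by test_hs_config.c ("HiddenServiceVersion must be 3, not 1"). A short comment above the branch would help, e.g. `/* Only one value is allowed (e.g. a single supported version): don't print a range. */`. The function's doc comment sits outside the hunk; if it describes the warning text, it should mention the single-value form as well.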
diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c
index 7cb6a36f8e..347a5b7174 100644
--- a/src/test/test_hs_common.c
+++ b/src/test/test_hs_common.c
@@ -808,13 +808,11 @@ test_parse_extended_hostname(void *arg)
tt_assert(parse_extended_hostname(address4, &type));
tt_int_op(type, OP_EQ, NORMAL_HOSTNAME);
- tt_assert(parse_extended_hostname(address5, &type));
- tt_int_op(type, OP_EQ, ONION_V2_HOSTNAME);
- tt_str_op(address5, OP_EQ, "abcdefghijklmnop");
+ tt_assert(!parse_extended_hostname(address5, &type));
+ tt_int_op(type, OP_EQ, BAD_HOSTNAME);
- tt_assert(parse_extended_hostname(address6, &type));
- tt_int_op(type, OP_EQ, ONION_V2_HOSTNAME);
- tt_str_op(address6, OP_EQ, "abcdefghijklmnop");
+ tt_assert(!parse_extended_hostname(address6, &type));
+ tt_int_op(type, OP_EQ, BAD_HOSTNAME);
tt_assert(!parse_extended_hostname(address7, &type));
tt_int_op(type, OP_EQ, BAD_HOSTNAME);
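Review bot: The rewritten checks for `address5` and `address6` assert the rejection and `BAD_HOSTNAME`, but the `tt_str_op` lines were dropped without replacement, so nothing pins what the address buffer holds after a rejected v2 name. In parse_extended_hostname the `memmove` that strips a subdomain runs before the length checks, and `failed:` only restores `*s = '.'`, so the buffer may not return to its original text for an address with a subdomain (inferred, since the full function is not in view). Adding one `tt_str_op(address5, OP_EQ, <expected text after rejection>);` per case would document that behaviour, since callers log and may reuse the buffer. The rejection assertions themselves are the important part: they show a v2 name fails closed rather than being treated as `NORMAL_HOSTNAME`.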
diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c
index 54a0b2336c..74f823f897 100644
--- a/src/test/test_hs_config.c
+++ b/src/test/test_hs_config.c
@@ -48,7 +48,7 @@ test_invalid_service(void *arg)
setup_full_capture_of_logs(LOG_WARN);
ret = helper_config_service(conf, 1);
tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceVersion must be between 3 and 3");
+ expect_log_msg_containing("HiddenServiceVersion must be 3, not 1");
teardown_capture_of_logs();
}