diff options
author | cypherpunks <cypherpunks@torproject.org> | 2018-08-26 01:20:44 +0000 |
---|---|---|
committer | cypherpunks <cypherpunks@torproject.org> | 2018-09-14 02:18:04 +0000 |
commit | e24195c7c1aaecebaf5ef4f81b54da2f0db917c6 (patch) | |
tree | e3e289a19a0e9be3537b00461ad18b666f5b966e | |
parent | c02f2d9eb45786c552dcc33c102e9964d95f66c1 (diff) | |
download | tor-e24195c7c1aaecebaf5ef4f81b54da2f0db917c6.tar.gz tor-e24195c7c1aaecebaf5ef4f81b54da2f0db917c6.zip |
protover: reject invalid protocol names
The spec only allows the characters [A-Za-z0-9-].
Fix on b2b2e1c7f24d9b65059e3d089768d6c49ba4f58f.
Fixes #27316; bugfix on 0.2.9.4-alpha.
-rw-r--r-- | changes/bug27316 | 3 | ||||
-rw-r--r-- | src/or/protover.c | 15 | ||||
-rw-r--r-- | src/test/test_protover.c | 4 |
3 files changed, 22 insertions, 0 deletions
diff --git a/changes/bug27316 b/changes/bug27316 new file mode 100644 index 0000000000..cec9348912 --- /dev/null +++ b/changes/bug27316 @@ -0,0 +1,3 @@ + o Minor bugfixes (protover): + - Reject protocol names containing bytes other than alphanumeric characters + and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix on 0.2.9.4-alpha. diff --git a/src/or/protover.c b/src/or/protover.c index 31ca13fe61..2c5d5ab1fc 100644 --- a/src/or/protover.c +++ b/src/or/protover.c @@ -23,6 +23,7 @@ #define PROTOVER_PRIVATE +#include "compat.h" #include "or.h" #include "protover.h" #include "routerparse.h" @@ -170,6 +171,16 @@ parse_version_range(const char *s, const char *end_of_range, return -1; } +static int +is_valid_keyword(const char *s, size_t n) +{ + for (size_t i = 0; i < n; i++) { + if (!TOR_ISALNUM(s[i]) && s[i] != '-') + return 0; + } + return 1; +} + /** Parse a single protocol entry from <b>s</b> up to an optional * <b>end_of_entry</b> pointer, and return that protocol entry. Return NULL * on error. @@ -195,6 +206,10 @@ parse_single_entry(const char *s, const char *end_of_entry) if (equals == s) goto error; + /* The name must contain only alphanumeric characters and hyphens. */ + if (!is_valid_keyword(s, equals-s)) + goto error; + out->name = tor_strndup(s, equals-s); tor_assert(equals < end_of_entry); diff --git a/src/test/test_protover.c b/src/test/test_protover.c index 92ead3ca37..c4379a15e1 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c @@ -283,6 +283,10 @@ test_protover_vote_roundtrip(void *args) const char *input; const char *expected_output; } examples[] = { + { "Risqu\u00e9=1", NULL }, + { ",,,=1", NULL }, + { "\xc1=1", NULL }, + { "Foo_Bar=1", NULL }, { "Fkrkljdsf", NULL }, { "Zn=4294967295", NULL }, { "Zn=4294967295-1", NULL }, |