diff options
| author | Nick Mathewson <nickm@torproject.org> | 2018-02-15 08:37:19 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2018-02-15 19:07:25 -0500 |
| commit | f69510ba4b196ed40fce64f24b5b7799b68d182b (patch) | |
| tree | 322c0300639ec201c078dbae964457aa1419ca5c | |
| parent | f6a230ec9555688d61db37eb22c8823619332d83 (diff) | |
| download | tor-f69510ba4b196ed40fce64f24b5b7799b68d182b.tar.gz tor-f69510ba4b196ed40fce64f24b5b7799b68d182b.zip | |
Rust protover compat: forbid more than MAX_VERSIONS_TO_EXPAND in a range
Also correct MAX_VERSIONS_TO_EXPAND to match the C.
NOTE that this patch leads to incorrect behavior: the C code allows
huge ranges; it just doesn't allow votes on them (currently). For
full compatibility, we'll need to make the rust code store ranges as
ranges natively, possibly using something like the range_map crate.
Still, this patch is smaller than a "proper" fix.
Fixes TROVE-2018-003.
| -rw-r--r-- | src/rust/protover/protover.rs | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs index 25f776aed4..cc9be67b6f 100644 --- a/src/rust/protover/protover.rs +++ b/src/rust/protover/protover.rs @@ -23,7 +23,7 @@ const FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS: &'static str = "0.2.9.3-alpha"; /// before concluding that someone is trying to DoS us /// /// C_RUST_COUPLED: src/or/protover.c `MAX_PROTOCOLS_TO_EXPAND` -const MAX_PROTOCOLS_TO_EXPAND: u32 = 500; +const MAX_PROTOCOLS_TO_EXPAND: usize = (1<<16); /// Currently supported protocols and their versions, as a byte-slice. /// @@ -209,7 +209,7 @@ impl Versions { )?); } - if versions.len() > MAX_PROTOCOLS_TO_EXPAND as usize { + if versions.len() > MAX_PROTOCOLS_TO_EXPAND { return Err("Too many versions to expand"); } } @@ -448,7 +448,13 @@ fn expand_version_range(range: &str) -> Result<Range<u32>, &'static str> { ))?; // We can use inclusive range syntax when it becomes stable. - Ok(lower..higher + 1) + let result = lower..higher + 1; + + if result.len() > MAX_PROTOCOLS_TO_EXPAND { + Err("Too many protocols in expanded range") + } else { + Ok(result) + } } /// Checks to see if there is a continuous range of integers, starting at the @@ -862,6 +868,9 @@ mod test { Err("cannot parse protocol range upper bound"), expand_version_range("1-a") ); + assert_eq!(Ok(1000..66536), expand_version_range("1000-66535")); + assert_eq!(Err("Too many protocols in expanded range"), + expand_version_range("1000-66536")); } #[test] |