summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorteor <teor2345@gmail.com>2017-12-24 11:24:29 +1100
committerteor <teor2345@gmail.com>2018-01-05 13:27:22 +1100
commitbeedf5fd81c25e67655432e009b047252cd0a970 (patch)
tree60f437b8e6de20e0297c074ce431b56dfbbd86c8
parentc1be0cfdb45d702afa3c1883a5e436cef8115fcd (diff)
downloadtor-beedf5fd81c25e67655432e009b047252cd0a970.tar.gz
tor-beedf5fd81c25e67655432e009b047252cd0a970.zip
Remove commas and equals signs from external string inputs to the fallback list
This makes sure that list parsers only see one comma per fallback entry, and only see one equals sign per field. Implements ticket 24726.
-rw-r--r--changes/ticket247264
-rwxr-xr-xscripts/maint/updateFallbackDirs.py8
2 files changed, 12 insertions, 0 deletions
diff --git a/changes/ticket24726 b/changes/ticket24726
new file mode 100644
index 0000000000..2bbdfa91af
--- /dev/null
+++ b/changes/ticket24726
@@ -0,0 +1,4 @@
+ o Minor features (fallback directory mirrors):
+ - Remove commas and equals signs from external string inputs to the
+ fallback list. This avoids format confusion attacks.
+ Implements ticket 24726.
diff --git a/scripts/maint/updateFallbackDirs.py b/scripts/maint/updateFallbackDirs.py
index d1f50c70c5..52ae886bda 100755
--- a/scripts/maint/updateFallbackDirs.py
+++ b/scripts/maint/updateFallbackDirs.py
@@ -284,6 +284,10 @@ def cleanse_c_multiline_comment(raw_string):
bad_char_list = '*/'
# Prevent a malicious string from using C nulls
bad_char_list += '\0'
+ # Avoid confusing parsers by making sure there is only one comma per fallback
+ bad_char_list += ','
+ # Avoid confusing parsers by making sure there is only one equals per field
+ bad_char_list += '='
# Be safer by removing bad characters entirely
cleansed_string = remove_bad_chars(cleansed_string, bad_char_list)
# Some compilers may further process the content of comments
@@ -304,6 +308,10 @@ def cleanse_c_string(raw_string):
bad_char_list += '\\'
# Prevent a malicious string from using C nulls
bad_char_list += '\0'
+ # Avoid confusing parsers by making sure there is only one comma per fallback
+ bad_char_list += ','
+ # Avoid confusing parsers by making sure there is only one equals per field
+ bad_char_list += '='
# Be safer by removing bad characters entirely
cleansed_string = remove_bad_chars(cleansed_string, bad_char_list)
# Some compilers may further process the content of strings