author | David Goulet <dgoulet@torproject.org> | 2021-10-19 10:35:40 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2021-10-19 10:35:40 -0400 |
commit | 2a705e81a33879aad658ad2c824aeaa8e7f03eed (patch) | |
tree | 1cd05817ea3e9b54b9145620a23d1fe55cab8eb8 | |
parent | 9ac1ed525f6d21338d675f2898987a13d82f4b78 (diff) | |
parent | 326f954f10dc99fbebb10bb6962a44a3eeff424c (diff) | |
Merge branch 'maint-0.4.6'
-rw-r--r-- | changes/ticket40476 | 8 | ||||
-rw-r--r-- | src/core/or/connection_edge.c | 28 | ||||
-rw-r--r-- | src/feature/dircache/dircache.c | 2 | ||||
-rw-r--r-- | src/feature/hs/hs_config.c | 8 | ||||
-rw-r--r-- | src/test/test_hs_common.c | 10 | ||||
-rw-r--r-- | src/test/test_hs_config.c | 2 |
6 files changed, 22 insertions, 36 deletions
diff --git a/changes/ticket40476 b/changes/ticket40476
new file mode 100644
index 0000000000..062e36f9bc
--- /dev/null
+++ b/changes/ticket40476
@@ -0,0 +1,8 @@
+ o Major feature (onion service v2):
+ - Tor does NOT allow anymore to create v2 services, to connect as a client
+ to a v2 service and for a relay to be a v2 HSDir or introduction point.
+ This effectively disable onion service version 2 tor wide. Closes 40476.
+ - The control port command HSFETCH and HSPOST don't allow version 2 as well.
+ It is also not possible to create a v2 service with ADD_ONION.
+ - See https://blog.torproject.org/v2-deprecation-timeline for details on
+ how to transition from v2 to v3.
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 730fda33c6..40816dbe66 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1629,23 +1629,6 @@ consider_plaintext_ports(entry_connection_t *conn, uint16_t port)
 return 0;
 }
-/** Return true iff <b>query</b> is a syntactically valid service ID (as
- * generated by rend_get_service_id). */
-static int
-rend_valid_v2_service_id(const char *query)
-{
- /** Length of 'y' portion of 'y.onion' URL. */
-#define REND_SERVICE_ID_LEN_BASE32 16
-
- if (strlen(query) != REND_SERVICE_ID_LEN_BASE32)
- return 0;
-
- if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32)
- return 0;
-
- return 1;
-}
-
 /** Parse the given hostname in address. Returns true if the parsing was
 * successful and type_out contains the type of the hostname. Else, false is
 * returned which means it was not recognized and type_out is set to 
@@ -1709,14 +1692,6 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
 if (q != address) {
 memmove(address, q, strlen(q) + 1 /* also get \0 */);
 }
- /* v2 onion address check. */
- if (strlen(query) == REND_SERVICE_ID_LEN_BASE32) {
- *type_out = ONION_V2_HOSTNAME;
- if (rend_valid_v2_service_id(query)) {
- goto success;
- }
- goto failed;
- }
 /* v3 onion address check. */
 if (strlen(query) == HS_SERVICE_ADDR_LEN_BASE32) {
@@ -1736,8 +1711,7 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
 failed:
 /* otherwise, return to previous state and return 0 */
 *s = '.';
- const bool is_onion = (*type_out == ONION_V2_HOSTNAME) ||
- (*type_out == ONION_V3_HOSTNAME);
+ const bool is_onion = (*type_out == ONION_V3_HOSTNAME);
 log_warn(LD_APP, "Invalid %shostname %s; rejecting", is_onion ? "onion " : "", safe_str_client(address));
diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c
index 7fdb1bc70f..7319b96caf 100644
--- a/src/feature/dircache/dircache.c
+++ b/src/feature/dircache/dircache.c
@@ -1569,6 +1569,8 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers,
 char *url = NULL;
 const or_options_t *options = get_options();
+ (void) body_len;
+
 log_debug(LD_DIRSERV,"Received POST command.");
 conn->base_.state = DIR_CONN_STATE_SERVER_WRITING;
diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c
index de1f608ddf..a76893fe1a 100644
--- a/src/feature/hs/hs_config.c
+++ b/src/feature/hs/hs_config.c
@@ -159,8 +159,12 @@ static bool
 check_value_oob(int i, const char *name, int low, int high)
 {
 if (i < low || i > high) {
- log_warn(LD_CONFIG, "%s must be between %d and %d, not %d.",
- name, low, high, i);
+ if (low == high) {
+ log_warn(LD_CONFIG, "%s must be %d, not %d.", name, low, i);
+ } else {
+ log_warn(LD_CONFIG, "%s must be between %d and %d, not %d.",
+ name, low, high, i);
+ }
 return true;
 }
 return false;
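Review bot: In the `failed:` path of parse_extended_hostname (src/core/or/connection_edge.c, hunk at -1736), `is_onion` is now true only for `ONION_V3_HOSTNAME`, so a 16-character v2 `.onion` name, which the updated test expects to come back as `BAD_HOSTNAME`, is presumably logged as a plain "Invalid hostname" with no hint that it is a retired onion address. The code that assigns `BAD_HOSTNAME` is outside the hunks, so this is inferred. A comment on the line would record the intent, e.g. `/* v2 names are no longer recognised; they arrive here as BAD_HOSTNAME. */`, and it is worth confirming that callers treat the false return as a hard reject so such a name is never handed to ordinary name resolution. The function starts and ends outside the hunk.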
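Review bot: The added `(void) body_len;` in directory_handle_command_post (src/feature/dircache/dircache.c) carries no comment saying why the parameter can be unused, and the hunk does not show which remaining branches still read it. A one-line comment above the cast, e.g. `/* body_len is not read on every code path; keep the compiler quiet. */` with the actual reason filled in, would stop a later reader from dropping the cast or the parameter. The function body continues outside the hunk.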
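Review bot: The new `low == high` branch in check_value_oob (src/feature/hs/hs_config.c) changes a user-visible warning without a comment explaining the special case, and test_hs_config.c matches that wording by substring. A short comment on the branch, e.g. `/* Only one value is allowed: avoid the odd "between 3 and 3" wording. */`, would document why two messages exist and signal that the text is pinned by a test. Any doc comment on the function sits above the hunk and is not visible here.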
diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c
index 7cb6a36f8e..347a5b7174 100644
--- a/src/test/test_hs_common.c
+++ b/src/test/test_hs_common.c
@@ -808,13 +808,11 @@ test_parse_extended_hostname(void *arg)
 tt_assert(parse_extended_hostname(address4, &type));
 tt_int_op(type, OP_EQ, NORMAL_HOSTNAME);
- tt_assert(parse_extended_hostname(address5, &type));
- tt_int_op(type, OP_EQ, ONION_V2_HOSTNAME);
- tt_str_op(address5, OP_EQ, "abcdefghijklmnop");
+ tt_assert(!parse_extended_hostname(address5, &type));
+ tt_int_op(type, OP_EQ, BAD_HOSTNAME);
- tt_assert(parse_extended_hostname(address6, &type));
- tt_int_op(type, OP_EQ, ONION_V2_HOSTNAME);
- tt_str_op(address6, OP_EQ, "abcdefghijklmnop");
+ tt_assert(!parse_extended_hostname(address6, &type));
+ tt_int_op(type, OP_EQ, BAD_HOSTNAME);
 tt_assert(!parse_extended_hostname(address7, &type));
 tt_int_op(type, OP_EQ, BAD_HOSTNAME);
diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c
index 54a0b2336c..74f823f897 100644
--- a/src/test/test_hs_config.c
+++ b/src/test/test_hs_config.c
@@ -48,7 +48,7 @@ test_invalid_service(void *arg)
 setup_full_capture_of_logs(LOG_WARN);
 ret = helper_config_service(conf, 1);
 tt_int_op(ret, OP_EQ, -1);
- expect_log_msg_containing("HiddenServiceVersion must be between 3 and 3");
+ expect_log_msg_containing("HiddenServiceVersion must be 3, not 1");
 teardown_capture_of_logs();
 }
|
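Review bot: The rewritten `address5` and `address6` cases in test_parse_extended_hostname check only the return value and `BAD_HOSTNAME`; the dropped `tt_str_op` lines were the only assertions on the buffer contents, so nothing now pins what the address looks like after a v2 name is rejected. Since parse_extended_hostname edits the buffer in place (the `memmove` and `*s = '.'` lines are visible in the connection_edge.c hunks), a `tt_str_op` on each address after the failed parse would catch a regression in the restore path. A comment such as `/* v2 addresses are no longer supported and must be rejected. */` above the two cases would also explain why valid-looking 16-character names are expected to fail. The test function starts and ends outside the hunk.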