diff options
| author | David Goulet <dgoulet@torproject.org> | 2017-05-10 09:40:26 -0400 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2017-06-27 10:19:57 -0400 |
| commit | 82dee76740062c00e98a7005f773672065abcf96 (patch) | |
| tree | fcc0b7730a191801fa77a17514c35635b17c9f32 /src/or/hs_descriptor.c | |
| parent | f6df433b9123c50b8eda6d8784d4f96be6d02f51 (diff) | |
| download | tor-82dee76740062c00e98a7005f773672065abcf96.tar.gz tor-82dee76740062c00e98a7005f773672065abcf96.zip | |
hs: Ignore unparseable v3 introduction point
It is possible that at some point in time a client will encounter unknown or
new fields for an introduction point in a descriptor so let them ignore it for
forward compatibility.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/or/hs_descriptor.c')
| -rw-r--r-- | src/or/hs_descriptor.c | 27 |
1 files changed, 9 insertions, 18 deletions
diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c index 2a000f5002..b55f9663bc 100644 --- a/src/or/hs_descriptor.c +++ b/src/or/hs_descriptor.c @@ -1747,18 +1747,13 @@ decode_introduction_point(const hs_descriptor_t *desc, const char *start) /* Given a descriptor string at <b>data</b>, decode all possible introduction * points that we can find. Add the introduction point object to desc_enc as we - * find them. Return 0 on success. - * - * On error, a negative value is returned. It is possible that some intro - * point object have been added to the desc_enc, they should be considered - * invalid. One single bad encoded introduction point will make this function - * return an error. */ -STATIC int + * find them. This function can't fail and it is possible that zero + * introduction points can be decoded. */ +static void decode_intro_points(const hs_descriptor_t *desc, hs_desc_encrypted_data_t *desc_enc, const char *data) { - int retval = -1; smartlist_t *chunked_desc = smartlist_new(); smartlist_t *intro_points = smartlist_new(); @@ -1799,22 +1794,19 @@ decode_intro_points(const hs_descriptor_t *desc, SMARTLIST_FOREACH_BEGIN(intro_points, const char *, intro_point) { hs_desc_intro_point_t *ip = decode_introduction_point(desc, intro_point); if (!ip) { - /* Malformed introduction point section. Stop right away, this - * descriptor shouldn't be used. */ - goto err; + /* Malformed introduction point section. We'll ignore this introduction + * point and continue parsing. New or unknown fields are possible for + * forward compatibility. */ + continue; } smartlist_add(desc_enc->intro_points, ip); } SMARTLIST_FOREACH_END(intro_point); done: - retval = 0; - - err: SMARTLIST_FOREACH(chunked_desc, char *, a, tor_free(a)); smartlist_free(chunked_desc); SMARTLIST_FOREACH(intro_points, char *, a, tor_free(a)); smartlist_free(intro_points); - return retval; } /* Return 1 iff the given base64 encoded signature in b64_sig from the encoded * descriptor in encoded_desc validates the descriptor content. */ @@ -2040,9 +2032,8 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc, /* Initialize the descriptor's introduction point list before we start * decoding. Having 0 intro point is valid. Then decode them all. */ desc_encrypted_out->intro_points = smartlist_new(); - if (decode_intro_points(desc, desc_encrypted_out, message) < 0) { - goto err; - } + decode_intro_points(desc, desc_encrypted_out, message); + /* Validation of maximum introduction points allowed. */ if (smartlist_len(desc_encrypted_out->intro_points) > MAX_INTRO_POINTS) { log_warn(LD_REND, "Service descriptor contains too many introduction " |