Diffstat (limited to 'src/feature/dirparse/routerparse.c')
-rw-r--r--src/feature/dirparse/routerparse.c62
1 files changed, 40 insertions, 22 deletions
diff --git a/src/feature/dirparse/routerparse.c b/src/feature/dirparse/routerparse.c
index e44fbf77f9..3d90c1bc91 100644
--- a/src/feature/dirparse/routerparse.c
+++ b/src/feature/dirparse/routerparse.c
@@ -1,7 +1,7 @@
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2019, The Tor Project, Inc. */
+ * Copyright (c) 2007-2020, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
@@ -50,7 +50,7 @@
* </ul>
**/
-#define EXPOSE_ROUTERDESC_TOKEN_TABLE
+#define ROUTERDESC_TOKEN_TABLE_PRIVATE
#include "core/or/or.h"
#include "app/config/config.h"
@@ -81,6 +81,7 @@
/****************************************************************************/
/** List of tokens recognized in router descriptors */
+// clang-format off
const token_rule_t routerdesc_token_table[] = {
T0N("reject", K_REJECT, ARGS, NO_OBJ ),
T0N("accept", K_ACCEPT, ARGS, NO_OBJ ),
@@ -90,24 +91,24 @@ const token_rule_t routerdesc_token_table[] = {
T01("ipv6-policy", K_IPV6_POLICY, CONCAT_ARGS, NO_OBJ),
T1( "signing-key", K_SIGNING_KEY, NO_ARGS, NEED_KEY_1024 ),
T1( "onion-key", K_ONION_KEY, NO_ARGS, NEED_KEY_1024 ),
- T01("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
+ T1("ntor-onion-key", K_ONION_KEY_NTOR, GE(1), NO_OBJ ),
T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
T01("uptime", K_UPTIME, GE(1), NO_OBJ ),
T01("fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
T01("hibernating", K_HIBERNATING, GE(1), NO_OBJ ),
T01("platform", K_PLATFORM, CONCAT_ARGS, NO_OBJ ),
- T01("proto", K_PROTO, CONCAT_ARGS, NO_OBJ ),
+ T1("proto", K_PROTO, CONCAT_ARGS, NO_OBJ ),
T01("contact", K_CONTACT, CONCAT_ARGS, NO_OBJ ),
T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
T01("extra-info-digest", K_EXTRA_INFO_DIGEST, GE(1), NO_OBJ ),
T01("hidden-service-dir", K_HIDDEN_SERVICE_DIR, NO_ARGS, NO_OBJ ),
- T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
- T01("master-key-ed25519", K_MASTER_KEY_ED25519, GE(1), NO_OBJ ),
- T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
- T01("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),
- T01("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT,
+ T1("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
+ T1("master-key-ed25519", K_MASTER_KEY_ED25519, GE(1), NO_OBJ ),
+ T1("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
+ T1("onion-key-crosscert", K_ONION_KEY_CROSSCERT, NO_ARGS, NEED_OBJ ),
+ T1("ntor-onion-key-crosscert", K_NTOR_ONION_KEY_CROSSCERT,
EQ(1), NEED_OBJ ),
T01("allow-single-hop-exits",K_ALLOW_SINGLE_HOP_EXITS, NO_ARGS, NO_OBJ ),
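Review bot: The change from T01 to T1 for `ntor-onion-key`, `proto`, `identity-ed25519`, `master-key-ed25519`, `router-sig-ed25519`, `onion-key-crosscert` and `ntor-onion-key-crosscert` makes these lines mandatory in every accepted descriptor, but the table carries no comment saying that the optional entries were dropped deliberately, so the next reader may take the asymmetry with the surrounding T01 rows for an accident. A comment above the first of them would pin the policy: `/* The proto, ntor, ed25519-identity and crosscert lines are mandatory; descriptors lacking them are rejected (pre-proto ones quietly, see the obsolete-descriptor check in router_parse_entry_from_string()). */`. The same applies to the `identity-ed25519` and `router-sig-ed25519` rows of extrainfo_token_table in the next hunk. Anything downstream that still looks these tokens up with find_opt_by_keyword() and guards for NULL is now dead-defensive, though most of that code is outside this hunk.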
@@ -123,13 +124,15 @@ const token_rule_t routerdesc_token_table[] = {
END_OF_TABLE
};
+// clang-format on
/** List of tokens recognized in extra-info documents. */
+// clang-format off
static token_rule_t extrainfo_token_table[] = {
T1_END( "router-signature", K_ROUTER_SIGNATURE, NO_ARGS, NEED_OBJ ),
T1( "published", K_PUBLISHED, CONCAT_ARGS, NO_OBJ ),
- T01("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
- T01("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
+ T1("identity-ed25519", K_IDENTITY_ED25519, NO_ARGS, NEED_OBJ ),
+ T1("router-sig-ed25519", K_ROUTER_SIG_ED25519, GE(1), NO_OBJ ),
T0N("opt", K_OPT, CONCAT_ARGS, OBJ_OK ),
T01("read-history", K_READ_HISTORY, ARGS, NO_OBJ ),
T01("write-history", K_WRITE_HISTORY, ARGS, NO_OBJ ),
@@ -162,6 +165,7 @@ static token_rule_t extrainfo_token_table[] = {
END_OF_TABLE
};
+// clang-format on
#undef T
@@ -452,6 +456,12 @@ router_parse_entry_from_string(const char *s, const char *end,
}
}
+ if (!tor_memstr(s, end-s, "\nproto ")) {
+ log_debug(LD_DIR, "Found an obsolete router descriptor. "
+ "Rejecting quietly.");
+ goto err;
+ }
+
if (router_get_router_hash(s, end - s, digest) < 0) {
log_warn(LD_DIR, "Couldn't compute router hash.");
goto err;
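Review bot: The `tor_memstr(s, end-s, "\nproto ")` pre-check overlaps with the new T1 rule for `proto` in the token table, and nothing at the site explains why both exist; presumably the intent is that pre-proto descriptors are dropped at debug level instead of producing a warning for each one. A comment would make that explicit: `/* Descriptors predating the "proto" line cannot satisfy the token table anyway; drop them here at debug level so stale descriptors do not produce a warning each. */`. The same applies to the `"\nidentity-ed25519"` check in the extrainfo hunk further down; there the needle has no trailing delimiter, and since the token is NO_ARGS, `"\nidentity-ed25519\n"` would match the exact line rather than any keyword sharing that prefix, a minor tightening. Both checks also assume the keyword never sits on the first line of the input, which holds as long as the document starts with its `router`/`extra-info` line. router_parse_entry_from_string's body begins and ends outside the hunk.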
@@ -515,15 +525,15 @@ router_parse_entry_from_string(const char *s, const char *end,
log_warn(LD_DIR,"Router address is not an IP address.");
goto err;
}
- router->addr = ntohl(in.s_addr);
+ tor_addr_from_in(&router->ipv4_addr, &in);
- router->or_port =
+ router->ipv4_orport =
(uint16_t) tor_parse_long(tok->args[2],10,0,65535,&ok,NULL);
if (!ok) {
log_warn(LD_DIR,"Invalid OR port %s", escaped(tok->args[2]));
goto err;
}
- router->dir_port =
+ router->ipv4_dirport =
(uint16_t) tor_parse_long(tok->args[4],10,0,65535,&ok,NULL);
if (!ok) {
log_warn(LD_DIR,"Invalid dir port %s", escaped(tok->args[4]));
@@ -591,8 +601,8 @@ router_parse_entry_from_string(const char *s, const char *end,
"Relay's onion key had invalid exponent.");
goto err;
}
- router_set_rsa_onion_pkey(tok->key, &router->onion_pkey,
- &router->onion_pkey_len);
+ router->onion_pkey = tor_memdup(tok->object_body, tok->object_size);
+ router->onion_pkey_len = tok->object_size;
crypto_pk_free(tok->key);
if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
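Review bot: `router->onion_pkey` now receives the raw `tok->object_body` bytes instead of the output of `router_set_rsa_onion_pkey()`, while `tok->key` is still parsed and exponent-checked just above and then freed, and the site does not say why the descriptor's own encoding is kept in preference to a re-encoded key. A comment above the memdup would carry that reasoning: `/* Keep the key bytes exactly as the descriptor encoded them; tok->key was parsed only to validate the key (presumably so the stored bytes round-trip unchanged). */`. This also relies on NEED_KEY_1024 guaranteeing a non-NULL `object_body` and a non-zero `object_size`, which is not visible in this hunk and worth confirming in the tokenizer. Separately, now that `ntor-onion-key` is T1 in this commit's table, the `find_opt_by_keyword(tokens, K_ONION_KEY_NTOR)` on the last context line can become `find_by_keyword`, since the tokenizer already rejects descriptors without it; the enclosing function continues outside the hunk.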
@@ -649,17 +659,18 @@ router_parse_entry_from_string(const char *s, const char *end,
goto err;
}
if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
- log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
+ log_warn(LD_DIR, "Wrong object type on identity-ed25519 "
+ "in descriptor");
goto err;
}
if (strcmp(cc_ntor_tok->object_type, "ED25519 CERT")) {
log_warn(LD_DIR, "Wrong object type on ntor-onion-key-crosscert "
- "in decriptor");
+ "in descriptor");
goto err;
}
if (strcmp(cc_tap_tok->object_type, "CROSSCERT")) {
log_warn(LD_DIR, "Wrong object type on onion-key-crosscert "
- "in decriptor");
+ "in descriptor");
goto err;
}
if (strcmp(cc_ntor_tok->args[0], "0") &&
@@ -903,13 +914,14 @@ router_parse_entry_from_string(const char *s, const char *end,
/* This router accepts tunnelled directory requests via begindir if it has
* an open dirport or it included "tunnelled-dir-server". */
- if (find_opt_by_keyword(tokens, K_DIR_TUNNELLED) || router->dir_port > 0) {
+ if (find_opt_by_keyword(tokens, K_DIR_TUNNELLED) ||
+ router->ipv4_dirport > 0) {
router->supports_tunnelled_dir_requests = 1;
}
tok = find_by_keyword(tokens, K_ROUTER_SIGNATURE);
- if (!router->or_port) {
+ if (!router->ipv4_orport) {
log_warn(LD_DIR,"or_port unreadable or 0. Failing.");
goto err;
}
@@ -985,6 +997,11 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
while (end > s+2 && *(end-1) == '\n' && *(end-2) == '\n')
--end;
+ if (!tor_memstr(s, end-s, "\nidentity-ed25519")) {
+ log_debug(LD_DIR, "Found an obsolete extrainfo. Rejecting quietly.");
+ goto err;
+ }
+
if (router_get_extrainfo_hash(s, end-s, digest) < 0) {
log_warn(LD_DIR, "Couldn't compute router hash.");
goto err;
@@ -1060,7 +1077,8 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
goto err;
}
if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
- log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
+ log_warn(LD_DIR, "Wrong object type on identity-ed25519 "
+ "in descriptor");
goto err;
}