From 4d4e2abd2f961e735b9b8d93e9e09695515b8ac8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 29 Aug 2019 11:43:43 -0400 Subject: Authorities reject relays running unsupported Tor release series. Our minimum version is now 0.2.9.5-alpha. Series 0.3.0, 0.3.1, 0.3.2, 0.3.3, and 0.3.4 are now rejected. Also, extract this version-checking code into a new function, so we can test it. Closes ticket 31549. Also reject 0.3.5.0 through 0.3.5.6-rc as unstable. --- src/feature/dirauth/process_descs.c | 59 +++++++++++++++++++++++++++---------- src/feature/dirauth/process_descs.h | 2 ++ 2 files changed, 45 insertions(+), 16 deletions(-) (limited to 'src') diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c index e1a02179b0..74a2cde1bd 100644 --- a/src/feature/dirauth/process_descs.c +++ b/src/feature/dirauth/process_descs.c @@ -315,6 +315,47 @@ dirserv_would_reject_router(const routerstatus_t *rs) return (res & FP_REJECT) != 0; } +/** + * Check whether the platform string in platform describes a platform + * that, as a directory authority, we want to reject. If it does, return + * true, and set *msg (if present) to a rejection message. Otherwise + * return false. + */ +STATIC bool +dirserv_rejects_tor_version(const char *platform, + const char **msg) +{ + if (!platform) + return false; + + static const char please_upgrade_string[] = + "Tor version is insecure or unsupported. Please upgrade!"; + + /* Versions before Tor 0.2.9 are unsupported. Versions between 0.2.9.0 and + * 0.2.9.4 suffer from bug #20499, where relays don't keep their consensus + * up to date */ + if (!tor_version_as_new_as(platform,"0.2.9.5-alpha")) { + if (msg) + *msg = please_upgrade_string; + return true; + } + + /* Series between Tor 0.3.0 and 0.3.4 inclusive are unsupported, and some + * have bug #27841, which makes them broken as intro points. Reject them. + * + * Also reject unstable versions of 0.3.5, since (as of this writing) + * they are almost none of the network. */ + if (tor_version_as_new_as(platform,"0.3.0.0-alpha-dev") && + !tor_version_as_new_as(platform,"0.3.5.7")) { + if (msg) { + *msg = please_upgrade_string; + } + return true; + } + + return false; +} + /** Helper: As dirserv_router_get_status, but takes the router fingerprint * (hex, no spaces), nickname, address (used for logging only), IP address, OR * port and platform (logging only) as arguments. @@ -347,22 +388,8 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname, } } - /* Versions before Tor 0.2.4.18-rc are too old to support, and are - * missing some important security fixes too. Disable them. */ - if (platform && !tor_version_as_new_as(platform,"0.2.4.18-rc")) { - if (msg) - *msg = "Tor version is insecure or unsupported. Please upgrade!"; - return FP_REJECT; - } - - /* Tor 0.2.9.x where x<5 suffers from bug #20499, where relays don't - * keep their consensus up to date so they make bad guards. - * The simple fix is to just drop them from the network. */ - if (platform && - tor_version_as_new_as(platform,"0.2.9.0-alpha") && - !tor_version_as_new_as(platform,"0.2.9.5-alpha")) { - if (msg) - *msg = "Tor version contains bug 20499. Please upgrade!"; + /* Check whether the version is obsolete, broken, insecure, etc... */ + if (platform && dirserv_rejects_tor_version(platform, msg)) { return FP_REJECT; } diff --git a/src/feature/dirauth/process_descs.h b/src/feature/dirauth/process_descs.h index 1d4085b091..0203cebfa9 100644 --- a/src/feature/dirauth/process_descs.h +++ b/src/feature/dirauth/process_descs.h @@ -38,6 +38,8 @@ int dirserv_would_reject_router(const routerstatus_t *rs); #ifdef TOR_UNIT_TESTS STATIC int dirserv_router_has_valid_address(routerinfo_t *ri); +STATIC bool dirserv_rejects_tor_version(const char *platform, + const char **msg); #endif /* defined(TOR_UNIT_TESTS) */ #endif /* !defined(TOR_RECV_UPLOADS_H) */ -- cgit v1.2.3-54-g00ecf From 49d6990cae0f6e7e636e320d0efcaec31b3c0453 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 29 Aug 2019 11:45:41 -0400 Subject: Unit tests for dirserv_reject_tor_version(). --- src/test/include.am | 1 + src/test/test.c | 1 + src/test/test.h | 1 + src/test/test_process_descs.c | 67 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 70 insertions(+) create mode 100644 src/test/test_process_descs.c (limited to 'src') diff --git a/src/test/include.am b/src/test/include.am index 1e20f3f53f..101e915cf4 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -175,6 +175,7 @@ src_test_test_SOURCES += \ src/test/test_periodic_event.c \ src/test/test_policy.c \ src/test/test_process.c \ + src/test/test_process_descs.c \ src/test/test_prob_distr.c \ src/test/test_procmon.c \ src/test/test_proto_http.c \ diff --git a/src/test/test.c b/src/test/test.c index b9a1da06f0..5f27f994f2 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -858,6 +858,7 @@ struct testgroup_t testgroups[] = { { "crypto/pem/", pem_tests }, { "crypto/rng/", crypto_rng_tests }, { "dir/", dir_tests }, + { "dir/auth/process_descs/", process_descs_tests }, { "dir/md/", microdesc_tests }, { "dir/voting/flags/", voting_flags_tests }, { "dir/voting/schedule/", voting_schedule_tests }, diff --git a/src/test/test.h b/src/test/test.h index f5c21bfe88..d0b045a80b 100644 --- a/src/test/test.h +++ b/src/test/test.h @@ -252,6 +252,7 @@ extern struct testcase_t prob_distr_tests[]; extern struct testcase_t slow_stochastic_prob_distr_tests[]; extern struct testcase_t procmon_tests[]; extern struct testcase_t process_tests[]; +extern struct testcase_t process_descs_tests[]; extern struct testcase_t proto_http_tests[]; extern struct testcase_t proto_misc_tests[]; extern struct testcase_t protover_tests[]; diff --git a/src/test/test_process_descs.c b/src/test/test_process_descs.c new file mode 100644 index 0000000000..7dc9abde31 --- /dev/null +++ b/src/test/test_process_descs.c @@ -0,0 +1,67 @@ +/* Copyright (c) 2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "orconfig.h" + +#include "core/or/or.h" +#include "feature/dirauth/process_descs.h" + +#include "test/test.h" + +static void +test_process_descs_versions(void *arg) +{ + (void)arg; + struct { + const char *version; + bool should_reject; + } cases[] = { + // a very old version: reject. + { "Tor 0.1.2.3-alpha", true }, + // a non-tor program: don't reject. + { "Wombat 0.1.2.3-alpha", false }, + // a slightly old version: reject + { "Tor 0.2.9.4-alpha", true }, + // a slightly old version: just new enough to support. + { "Tor 0.2.9.5-alpha", false }, + // a newer 0.2.9 version: supported. + { "Tor 0.2.9.100", false }, + // some unsupported versions: reject. + { "Tor 0.3.0.0-alpha-dev", true }, + { "Tor 0.3.0.2-alpha", true }, + { "Tor 0.3.0.5", true }, + { "Tor 0.3.1.4", true }, + { "Tor 0.3.2.4", true }, + { "Tor 0.3.3.4", true }, + { "Tor 0.3.4.1-alpha", true }, + { "Tor 0.3.4.100", true }, + { "Tor 0.3.5.1-alpha", true }, + { "Tor 0.3.5.6-rc", true}, + // new enough to be supported + { "Tor 0.3.5.7", false }, + { "Tor 0.3.5.8", false }, + { "Tor 0.4.0.1-alpha", false }, + { "Tor 0.4.1.5", false }, + // Very far in the future + { "Tor 100.100.1.5", false }, + }; + size_t n_cases = ARRAY_LENGTH(cases); + + for (unsigned i = 0; i < n_cases; ++i) { + const char *msg = NULL; + bool rejected = dirserv_rejects_tor_version(cases[i].version, &msg); + tt_int_op(rejected, OP_EQ, cases[i].should_reject); + tt_int_op(msg == NULL, OP_EQ, rejected == false); + } + + done: + ; +} + +#define T(name,flags) \ + { #name, test_process_descs_##name, (flags), NULL, NULL } + +struct testcase_t process_descs_tests[] = { + T(versions,0), + END_OF_TESTCASES +}; -- cgit v1.2.3-54-g00ecf