Merge branch 'maint-0.3.1' into maint-0.3.2 (d01abb93) · Commits · David Goulet / Tor

changes/bug25249

0 → 100644

+3 −0

Original line number	Diff line number	Diff line
		o Minor bugfixes (spec conformance):
		- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
		0.2.9.4-alpha.

changes/bug25249.2

0 → 100644

+3 −0

Original line number	Diff line number	Diff line
		o Minor bugfixes (spec conformance):
		- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
		bugfix on 0.2.9.4-alpha.

changes/trove-2018-001.1

0 → 100644

+6 −0

Original line number	Diff line number	Diff line
		o Major bugfixes (denial-of-service, directory authority):
		- Fix a protocol-list handling bug that could be used to remotely crash
		directory authorities with a null-pointer exception. Fixes bug 25074;
		bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001.

changes/trove-2018-004

0 → 100644

+8 −0

Original line number	Diff line number	Diff line
		o Minor bugfixes (denial-of-service):
		- Fix a possible crash on malformed consensus. If a consensus had
		contained an unparseable protocol line, it could have made clients
		and relays crash with a null-pointer exception. To exploit this
		issue, however, an attacker would need to be able to subvert the
		directory-authority system. Fixes bug 25251; bugfix on
		0.2.9.4-alpha. Also tracked as TROVE-2018-004.

src/or/protover.c

+29 −6

Original line number	Diff line number	Diff line
		@@ -103,6 +103,9 @@ proto_entry_free(proto_entry_t *entry)
		tor_free(entry);
		}

		/** The largest possible protocol version. */
		#define MAX_PROTOCOL_VERSION (UINT32_MAX-1)

		/**
		* Given a string <b>s</b> and optional end-of-string pointer
		* <b>end_of_range</b>, parse the protocol range and store it in
		@@ -123,9 +126,14 @@ parse_version_range(const char s, const char end_of_range,
		if (BUG(!end_of_range))
		end_of_range = s + strlen(s); // LCOV_EXCL_LINE

		/* A range must start with a digit. */
		if (!TOR_ISDIGIT(*s)) {
		goto error;
		}

		/* Note that this wouldn't be safe if we didn't know that eventually,
		* we'd hit a NUL */
		low = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
		low = (uint32_t) tor_parse_ulong(s, 10, 0, MAX_PROTOCOL_VERSION, &ok, &next);
		if (!ok)
		goto error;
		if (next > end_of_range)
		@@ -138,13 +146,21 @@ parse_version_range(const char s, const char end_of_range,
		if (*next != '-')
		goto error;
		s = next+1;

		/* ibid */
		high = (uint32_t) tor_parse_ulong(s, 10, 0, UINT32_MAX, &ok, &next);
		if (!TOR_ISDIGIT(*s)) {
		goto error;
		}
		high = (uint32_t) tor_parse_ulong(s, 10, 0,
		MAX_PROTOCOL_VERSION, &ok, &next);
		if (!ok)
		goto error;
		if (next != end_of_range)
		goto error;

		if (low > high)
		goto error;

		done:
		*high_out = high;
		*low_out = low;
		@@ -195,10 +211,6 @@ parse_single_entry(const char s, const char end_of_entry)
		goto error;
		}

		if (range->low > range->high) {
		goto error;
		}

		s = comma;
		while (*s == ',' && s < end_of_entry)
		++s;
		@@ -554,6 +566,12 @@ protover_compute_vote(const smartlist_t *list_of_proto_strings,
		// First, parse the inputs and break them into singleton entries.
		SMARTLIST_FOREACH_BEGIN(list_of_proto_strings, const char *, vote) {
		smartlist_t *unexpanded = parse_protocol_list(vote);
		if (! unexpanded) {
		log_warn(LD_NET, "I failed with parsing a protocol list from "
		"an authority. The offending string was: %s",
		escaped(vote));
		continue;
		}
		smartlist_t *this_vote = expand_protocol_list(unexpanded);
		if (this_vote == NULL) {
		log_warn(LD_NET, "When expanding a protocol list from an authority, I "
		@@ -618,6 +636,11 @@ protover_all_supported(const char s, char *missing_out)
		}

		smartlist_t *entries = parse_protocol_list(s);
		if (BUG(entries == NULL)) {
		log_warn(LD_NET, "Received an unparseable protocol list %s"
		" from the consensus", escaped(s));
		return 1;
		}

		missing = smartlist_new();