Authorities reject insecure Tors.

This patch should make us reject every Tor that was vulnerable to CVE-2011-0427. Additionally, it makes us reject every Tor that couldn't handle RELAY_EARLY cells, which helps with proposal 110 (#4339).

Authorities reject insecure Tors.
9bcb1873 · Nick Mathewson · da876aec · 9bcb1873 · 9bcb1873
Commit 9bcb1873 authored 13 years ago by Nick Mathewson
--- a/changes/bug4788
+++ b/changes/bug4788
+  o Minor features (directory server):
+    - Directory servers now reject versions of Tor older than 0.2.1.30,
+      and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
+      (inclusive). These versions accounted for only a small fraction of
+      the Tor network, and have numerous known security issues. Resolves
+      issue #4788.
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -388,19 +388,20 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
              strmap_size(fingerprint_list->fp_by_name),
              digestmap_size(fingerprint_list->status_by_digest));
-  /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
+  /* Versions before Tor 0.2.1.30 have known security issues that
-   * directory information.  Once more of them die off, we should raise this
+   * make them unsuitable for the current network. */
-   * minimum. */
+  if (platform && !tor_version_as_new_as(platform,"0.2.1.30")) {
-  if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) {
    if (msg)
-      *msg = "Tor version is far too old to work.";
+      *msg = "Tor version is insecure. Please upgrade!";
-    return FP_REJECT;
-  } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha")
-                      && !tor_version_as_new_as(platform, "0.2.1.19")) {
-    /* These versions mishandled RELAY_EARLY cells on rend circuits. */
-    if (msg)
-      *msg = "Tor version is too buggy to work.";
    return FP_REJECT;
+  } else if (platform && tor_version_as_new_as(platform,"0.2.2.1-alpha")) {
+    /* Versions from 0.2.2.1-alpha...0.2.2.20-alpha have known security
+     * issues that make them unusable for the current network */
+    if (!tor_version_as_new_as(platform, "0.2.2.21-alpha")) {
+      if (msg)
+        *msg = "Tor version is insecure. Please upgrade!";
+      return FP_REJECT;
+    }
  }
  result = dirserv_get_name_status(id_digest, nickname);