fixup! Bug 30237: Add v3 onion services client authentication prompt (!381) · Merge requests · The Tor Project / Applications / Tor Browser · GitLab

Snippets Groups Projects

Merged morgan requested to merge morgan/tor-browser:bug_40465 into tor-browser-102.3.0esr-12.0-2 2 years ago

All threads resolved!

strip subdomain off of onion hostname when extracting the onion service id for use with the ONION_CLIENT_AUTH_ADD command

fixes #40465 (closed)

This function receives a hostname from an onon URI. I haven't tested this end-to-end but have verified the regex works as expected with the following:

const onionServiceIdRegExp = /^(.*\.)*(?<onionServiceId>[a-z2-7]{56})\.onion$/i;
// duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad
"duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion".match(onionServiceIdRegExp).groups.onionServiceId.toLowerCase();
"DUCKDUCKGOgg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion".match(onionServiceIdRegExp).groups.onionServiceId.toLowerCase();
"duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.ONION".match(onionServiceIdRegExp).groups.onionServiceId.toLowerCase();
"foo.FOO.duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion".match(onionServiceIdRegExp).groups.onionServiceId.toLowerCase();
// throws because of null due to not matching 
"".match(onionServiceIdRegExp).groups.onionServiceId.toLowerCase();
"www.cnn.com".match(onionServiceIdRegExp).groups.onionServiceId.toLowerCase();
"fake.onion".match(onionServiceIdRegExp).groups.onionServiceId.toLowerCase();

The 'Invalid v3 address...' error comes from the tor daemon itself (rather than Tor Browser), so it seems the original cypherpunk was spot-on in their diagnoses of the problem and this error most likely comes from the invalid arg to the ONION_CLIENT_AUTH_ADD command.

Activity

morgan assigned to @richard 2 years ago

assigned to @richard
🤖 Triage Bot 🤖 requested review from @boklm 2 years ago

requested review from @boklm
morgan removed review request for @boklm 2 years ago

removed review request for @boklm
🤖 Triage Bot 🤖 requested review from @henry 2 years ago

requested review from @henry
morgan @morgan 2 years ago

Author Owner

FWIW end-to-end validation is blocked on #41344 (closed)
henry @henry started a thread on the diff 2 years ago

Resolved 2 years ago by henry
Last reply by henry 2 years ago

henry resolved all threads 2 years ago

resolved all threads

henry approved this merge request 2 years ago

approved this merge request

ma1 mentioned in merge request !390 (closed) 2 years ago

mentioned in merge request !390 (closed)

morgan added 20 commits 2 years ago

added 20 commits

b8cfa021...caa59888 - 19 commits from branch tpo/applications:tor-browser-102.3.0esr-12.0-2
400276c6 - fixup! Bug 30237: Add v3 onion services client authentication prompt

Compare with previous version

morgan marked this merge request as draft from 2 years ago

marked this merge request as draft from richard/tor-browser@400276c6

Gitolite Merge Bot merged 2 years ago

merged

morgan marked this merge request as ready 2 years ago

marked this merge request as ready

Please register or sign in to reply