From 5d31fd12a9a5b47d9d229a366346a52131bc8c86 Mon Sep 17 00:00:00 2001 From: 5225225 <5225225@mailbox.org> Date: Tue, 2 Jun 2026 15:47:00 +0100 Subject: [PATCH] tor-netdoc: fix crash with non-ascii in port policy --- crates/tor-netdoc/src/doc/microdesc.rs | 6 ++++++ crates/tor-netdoc/src/types/policy/portpolicy.rs | 4 +++- crates/tor-netdoc/testdata/bad-mds/non-ascii-policy | 10 ++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 crates/tor-netdoc/testdata/bad-mds/non-ascii-policy diff --git a/crates/tor-netdoc/src/doc/microdesc.rs b/crates/tor-netdoc/src/doc/microdesc.rs index 44892efc77..2b9c99e8a3 100644 --- a/crates/tor-netdoc/src/doc/microdesc.rs +++ b/crates/tor-netdoc/src/doc/microdesc.rs @@ -630,6 +630,12 @@ mod test { .at_pos(Pos::from_line(9, 1)) .with_source(PolicyError::InvalidPort), ); + check( + "non-ascii-policy", + &EK::BadPolicy + .at_pos(Pos::from_line(9, 1)) + .with_source(PolicyError::InvalidPort), + ); check("wrong-id", &EK::MissingToken.with_msg("id ed25519")); } diff --git a/crates/tor-netdoc/src/types/policy/portpolicy.rs b/crates/tor-netdoc/src/types/policy/portpolicy.rs index 7ca46aafa2..da17e15e6b 100644 --- a/crates/tor-netdoc/src/types/policy/portpolicy.rs +++ b/crates/tor-netdoc/src/types/policy/portpolicy.rs @@ -114,7 +114,8 @@ impl FromStr for PortPolicy { // the space between "accept/reject" and the arguments. return Err(PolicyError::InvalidPort); } - let kind = RuleKind::from_str(&s[..6]).map_err(|_| PolicyError::InvalidPort)?; + let kind_str = s.get(..6).ok_or(PolicyError::InvalidPort)?; + let kind = RuleKind::from_str(kind_str).map_err(|_| PolicyError::InvalidPort)?; let s = &s[7..]; let mut allowed = PortRanges::from_str(s)?; if kind == RuleKind::Reject { @@ -256,6 +257,7 @@ mod test { "reject 1,1,1,1", "reject 1,2,foo,4", "reject 5,4,3,2", + "acce ¬", ] { assert!(s.parse::().is_err()); assert!( diff --git a/crates/tor-netdoc/testdata/bad-mds/non-ascii-policy b/crates/tor-netdoc/testdata/bad-mds/non-ascii-policy new file mode 100644 index 0000000000..dfd5765eb6 --- /dev/null +++ b/crates/tor-netdoc/testdata/bad-mds/non-ascii-policy @@ -0,0 +1,10 @@ +onion-key +-----BEGIN RSA PUBLIC KEY----- +MIGJAoGBALiyRXkiUmFQAmd1+Sy2ApNiPE4F54H7dKUwRqvCs+PqpqExaM2ybqMd +Zzjkgsp41jjOxk/m5RGyo+wLTo3C1TanWsf3CFfoL836KYiv9IjguIuH8FH/EpX1 +ss5ChhkkKNhPtvOMFfVe0iuN0abUdGSmixKUVNW0/LiNzXa9Fa/jAgMBAAE= +-----END RSA PUBLIC KEY----- +ntor-onion-key gkQqYIYcecF1KwS2wVV/oVQAuf6oeTWzswXFkEVs/nE= +family $0BC8BA32CC3CB0F598E0C92778F7C0946DFBCE91 $195712E96FD1C1B18D14D09E9E4E7A6416E23B2C $22404A3E87F2D7FE2FC6359FDE71B6DC2D6E730F $26C28F29B611DF4DE23ACF5D9DC1EB4895EF5E8B $486740353B905AA4731F82C0B4CC25821A62C6E3 $4D0DF468DC816F8096702C2DA2C6FD67561F81C8 $4DD902046E7155BBE79C34EE6D53BF7408B98CE4 $78BC2254D3B31CD865F7682633AA438212132532 $7B700C0C207EBD0002E00F499BE265519AC3C25A $846B3EAAF0C07FF72FC79AEBB11FA3ADC58F240F $868A253C330F40FBE435D9320849397F85823E86 $A60697FF383EEEE2E88505DD4E305C07BF326B11 $A690C6AA8102C027D297AF3401BFE16918CCF7A6 $A6AA94B4007A0E2919B2DA8ECF2CFA3CA1761A13 $C19B33758B3A5144894233EC4C95D7985B9FD101 $DC2191663DD4BAECB34F949CCAC3FDA004CE5BCE $F0F5074A6DADD3DC22E1FAA18FD6D89CBC52771A $FC077C25B8DBB3132D397D7DF03C92BFC14C9D76 +p6 acce ¬ +id ed25519 k3TwldYWObTQkjmY83o+uG6xcbD5b/Zda8QPc/C5Ftg -- GitLab