Commit c05bc1f8 authored by Iain Learmonth's avatar Iain Learmonth

Keep overload-* lines unmodified in sanitised bridge descriptors.

This will depend on the version number as future versions may
include information we would not want to expose.

Hotfix for #40006.
parent 3be4d653
Pipeline #7284 failed with stage
in 2 minutes and 28 seconds
......@@ -143,6 +143,12 @@ public class SanitizedBridgeExtraInfoDescriptor
} else if (line.startsWith("router-sig-ed25519 ")) {
continue;
/* Write the following lines unmodified to the sanitized
* descriptor, also depending on the version number. */
} else if (line.startsWith("overload-ratelimits 1 ")
|| line.startsWith("overload-fd-exhausted 1 ")) {
scrubbed.append(line).newLine();
/* If we encounter an unrecognized line, stop parsing and print
* out a warning. We might have overlooked sensitive information
* that we need to remove or replace for the sanitized descriptor
......
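Review bot: Both new conditions check only the keyword and the version prefix, so everything after `overload-ratelimits 1 ` or `overload-fd-exhausted 1 ` is appended to the sanitized descriptor exactly as the bridge sent it; the same applies to the `overload-general 1 ` branch added in SanitizedBridgeServerDescriptor. The following branch's own comment says unrecognized lines stop parsing because sensitive information might have been overlooked, and unchecked trailing content on a recognized line bypasses that safeguard. Consider matching the full version-1 shape and letting anything else fall through to the warning branch, for example `line.matches("overload-fd-exhausted 1 \\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}")` if version 1 carries only a timestamp (to be confirmed against dir-spec). The if/else chain begins and ends outside this hunk.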
......@@ -207,24 +207,29 @@ public class SanitizedBridgeServerDescriptor
/* Write the following lines unmodified to the sanitized
* descriptor. */
} else if (line.startsWith("accept ")
|| line.startsWith("platform ")
|| line.startsWith("opt protocols ")
|| line.startsWith("protocols ")
|| line.startsWith("proto ")
|| line.startsWith("uptime ")
|| line.startsWith("bandwidth ")
|| line.startsWith("opt hibernating ")
|| line.startsWith("hibernating ")
|| line.startsWith("ntor-onion-key ")
|| line.equals("opt hidden-service-dir")
|| line.equals("hidden-service-dir")
|| line.equals("opt caches-extra-info")
|| line.equals("caches-extra-info")
|| line.equals("opt allow-single-hop-exits")
|| line.equals("allow-single-hop-exits")
|| line.startsWith("ipv6-policy ")
|| line.equals("tunnelled-dir-server")
|| line.startsWith("bridge-distribution-request ")) {
|| line.startsWith("platform ")
|| line.startsWith("opt protocols ")
|| line.startsWith("protocols ")
|| line.startsWith("proto ")
|| line.startsWith("uptime ")
|| line.startsWith("bandwidth ")
|| line.startsWith("opt hibernating ")
|| line.startsWith("hibernating ")
|| line.startsWith("ntor-onion-key ")
|| line.equals("opt hidden-service-dir")
|| line.equals("hidden-service-dir")
|| line.equals("opt caches-extra-info")
|| line.equals("caches-extra-info")
|| line.equals("opt allow-single-hop-exits")
|| line.equals("allow-single-hop-exits")
|| line.startsWith("ipv6-policy ")
|| line.equals("tunnelled-dir-server")
|| line.startsWith("bridge-distribution-request ")) {
scrubbed.append(line).newLine();
/* Write the following lines unmodified to the sanitized
* descriptor, also depending on the version number. */
} else if (line.startsWith("overload-general 1 ")) {
scrubbed.append(line).newLine();
/* Replace node fingerprints in the family line with their hashes
......
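Review bot: The comment `also depending on the version number` above the `overload-general 1 ` branch does not say what happens to any other version, which is the security-relevant part of this hotfix. Presumably such a line falls through to the unrecognized-line handling, which is not visible in this section; saying so would tell the next maintainer that a new version needs its fields reviewed before it is allowed through. Suggested wording: `/* Only version 1 is known to contain nothing sensitive; other versions are deliberately not matched here and must be reviewed before being added. */`. Separately, the eighteen conditions above the new branch appear to change in whitespace only, which makes the one functional change harder to spot in a hotfix.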