When examining descriptors as a dirserver, reject ones with bad versions
This is an extra fix for bug 21278: it ensures that these descriptors and platforms will never be listed in a legit consensus.
parent
f63e06d3dc
commit
02e05bd74d
|
@ -0,0 +1,4 @@
|
|||
o Minor features (directory authority):
|
||||
- Directory authorities now reject descriptors that claim to be
|
||||
malformed versions of Tor. Helps prevent exploitation of bug 21278.
|
||||
|
|
@ -365,6 +365,16 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
|
|||
strmap_size(fingerprint_list->fp_by_name),
|
||||
digestmap_size(fingerprint_list->status_by_digest));
|
||||
|
||||
if (platform) {
|
||||
tor_version_t ver_tmp;
|
||||
if (tor_version_parse_platform(platform, &ver_tmp, 1) < 0) {
|
||||
if (msg) {
|
||||
*msg = "Malformed platform string.";
|
||||
}
|
||||
return FP_REJECT;
|
||||
}
|
||||
}
|
||||
|
||||
/* Versions before Tor 0.2.4.18-rc are too old to support, and are
|
||||
* missing some important security fixes too. Disable them. */
|
||||
if (platform && !tor_version_as_new_as(platform,"0.2.4.18-rc")) {
|
||||
|
|
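Review bot: The new `if (platform)` block rejects only when `tor_version_parse_platform(platform, &ver_tmp, 1)` returns a negative value, and nothing in the hunk says what a non-negative result means or what the bare `1` selects. If the parser reports "not a Tor platform string" with a non-negative code, those descriptors still fall through to the `tor_version_as_new_as(platform,"0.2.4.18-rc")` check below, so it is worth confirming that check also refuses to treat an unparseable string as acceptable. I would add a comment above the block such as `/* Reject platform strings that claim to be Tor but carry a version we cannot parse (bug 21278); the final argument presumably requests strict parsing. */`. `ver_tmp` is written and then discarded, so the platform string is parsed again by the age check that follows. The body of `dirserv_get_status_impl` starts and ends outside the hunk, so any logging of this rejection cannot be judged from here.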