When examining descriptors as a dirserver, reject ones with bad versions

This is an extra fix for bug 21278: it ensures that these descriptors and platforms will never be listed in a legit consensus.
2017-02-13 11:18:04 -05:00 · 2017-02-13 11:18:04 -05:00 · 02e05bd74d
parent f63e06d3dc
commit 02e05bd74d
2 changed files with 14 additions and 0 deletions
--- a/changes/bug21278_prevention
+++ b/changes/bug21278_prevention
@ -0,0 +1,4 @@
+  o Minor features (directory authority):
+    - Directory authorities now reject descriptors that claim to be
+      malformed versions of Tor. Helps prevent exploitation of bug 21278.
+      
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@ -365,6 +365,16 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
            strmap_size(fingerprint_list->fp_by_name),
            digestmap_size(fingerprint_list->status_by_digest));

+  if (platform) {
+    tor_version_t ver_tmp;
+    if (tor_version_parse_platform(platform, &ver_tmp, 1) < 0) {
+      if (msg) {
+        *msg = "Malformed platform string.";
+      }
+      return FP_REJECT;
+    }
+  }
+
  /* Versions before Tor 0.2.4.18-rc are too old to support, and are
   * missing some important security fixes too. Disable them. */
  if (platform && !tor_version_as_new_as(platform,"0.2.4.18-rc")) {