commit 7a0a8dd8d4218d5dabec3c2e47bebc4d1771236e Author: Damian Johnson atagar@torproject.org Date: Wed Mar 4 17:49:09 2020 -0800

Extrainfo descriptor transport lines fail validation

Oops! Transport lines effectviely never appear aside from raw bridge descriptors (which we never see), so I didn't have a live example to test with.

Now we have one. DocTor's descriptor validation check is failing with...

03/05/2020 00:35:33 [WARNING] Unable to retrieve the extrainfo descriptors: Transport line has a malformed address: transport obfs4 [2001:985:e77:5:fd34:f56b:c2d1:e98c]:10394 cert=dJ/a+vnP+eFv7FDaVUqWCVlyrqf8FlOva2YAEkDUwiGQuorZf4Oc6FXSdyn8b4pUmZj/WA,iat-mode=0

Caught thanks to GeKo. --- docs/change_log.rst | 4 ++++ stem/descriptor/extrainfo_descriptor.py | 2 +- test/unit/descriptor/extrainfo_descriptor.py | 17 +++++++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/docs/change_log.rst b/docs/change_log.rst index 792baaca..8f306b44 100644 --- a/docs/change_log.rst +++ b/docs/change_log.rst @@ -50,6 +50,10 @@ The following are only available within Stem's `git repository

* Socket based control connections often raised BrokenPipeError when closed

+ * **Descriptors** + + * *transport* lines within extrainfo descriptors failed to validate + .. _version_1.8:

Version 1.8 (December 29th, 2019) diff --git a/stem/descriptor/extrainfo_descriptor.py b/stem/descriptor/extrainfo_descriptor.py index dcca9d14..d92bb770 100644 --- a/stem/descriptor/extrainfo_descriptor.py +++ b/stem/descriptor/extrainfo_descriptor.py @@ -286,7 +286,7 @@ def _parse_transport_line(descriptor, entries): name = value_comp[0] address, port_str = value_comp[1].rsplit(':', 1)

- if not stem.util.connection.is_valid_ipv4_address(address) or \ + if not stem.util.connection.is_valid_ipv4_address(address) and not \ stem.util.connection.is_valid_ipv6_address(address, allow_brackets = True): raise ValueError('Transport line has a malformed address: transport %s' % value) elif not stem.util.connection.is_valid_port(port_str): diff --git a/test/unit/descriptor/extrainfo_descriptor.py b/test/unit/descriptor/extrainfo_descriptor.py index 25cbf489..2dae4de7 100644 --- a/test/unit/descriptor/extrainfo_descriptor.py +++ b/test/unit/descriptor/extrainfo_descriptor.py @@ -643,6 +643,23 @@ k0d2aofcVbHr4fPQOSST0LXDrhFl5Fqo5um296zpJGvRUeO6S44U/EfJAGShtqWw expect_invalid_attr(self, {keyword: entry}, stat_attr) expect_invalid_attr(self, {keyword: entry}, extra_attr, {})

+ def test_transport(self): + """ + These lines are only applicable in raw bridge descriptors, which are + unavailable to the public. That said, misconfigured relays can occasionally + emit these. + """ + + desc = RelayExtraInfoDescriptor.create({'transport': 'obfs4 [2001:985:e77:5:fd34:f56b:c2d1:e98c]:10394 cert=dJ/a+vnP/WA,iat-mode=0'}) + + self.assertEqual({'obfs4': ( + '[2001:985:e77:5:fd34:f56b:c2d1:e98c]', + 10394, + ['cert=dJ/a+vnP/WA,iat-mode=0'], + )}, desc.transport) + + expect_invalid_attr(self, {'transport': 'obfs4 invalid_address:123'}, 'transport', {}) + def test_padding_counts(self): """ Check the 'hidserv-dir-onions-seen' lines.