[tor-bugs] #9002 [Tor]: Clients should discard v2 HS descriptors with more than 10 intro points
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 16 23:52:17 UTC 2013
#9002: Clients should discard v2 HS descriptors with more than 10 intro points
---------------------------------+------------------------------------------
Reporter: rransom | Owner: mikeperry
Type: defect | Status: new
Priority: critical | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: 023-backport tor-hs | Parent: #9001
Points: | Actualpoints:
---------------------------------+------------------------------------------
Comment(by rransom):
Replying to [comment:2 nickm]:
> Any reason for HSDirs to not reject them too?
No. However:
* Malicious HSDirs could still serve them, so rejecting them at the HSDir
end is not sufficient.
* If an HS requires client authorization, then it encrypts the intro-
point list in its descriptors, so HSDirs can't count on being able to
parse the intro-point list, so v2 HSDirs don't currently parse the intro-
point list ever, so please don't expose any more potentially crashy-buggy
parsing code at the relay end over this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9002#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list