[tor-bugs] #9097 [Tor]: Hidden service v0 and v1 descriptor code should go away

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 19 11:02:29 UTC 2013


#9097: Hidden service v0 and v1 descriptor code should go away
--------------------+-------------------------------------------------------
 Reporter:  andrea  |          Owner:                     
     Type:  task    |         Status:  new                
 Priority:  normal  |      Milestone:  Tor: 0.2.5.x-final 
Component:  Tor     |        Version:  Tor: 0.2.4.14-alpha
 Keywords:          |         Parent:                     
   Points:          |   Actualpoints:                     
--------------------+-------------------------------------------------------
 Hidden service INTRODUCE cell formats v0 and v1 are obsolete; the current
 hidden service code (rend_service_update_descriptor() of rendservice.c)
 only advertises support for v2 and v3 in descriptors.

 The client-side INTRODUCE code in rend_client_send_introduction() of
 rendclient.c doesn't appear to ever generate the v1 cell format.  It
 generates v3 if supported, then v2 if not, or v0 if neither v2 nor v3 is
 marked supported in the descriptor.  It does not test if the descriptor
 supports v0, but always generates and sends a v0 cell if neither v2 nor v3
 is supported.  This behavior is broken but in a way that probably can
 never manifest.

 The server-side v0/v1 INTRODUCE parsing code triggers a false positive
 buffer overflow warning in Coverity scan - which turns out to always be
 safe because the string in question is always NUL-terminated by that
 point.  Still, it's a bit hair-raising to see and there's no reason for
 that code to still exist.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9097>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
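
The client-side selection order described in the ticket, next to a variant that only picks a version the descriptor actually advertises. This is an added illustration, not code from rendclient.c or the Tor project; the bitmask encoding (bit N set means version N supported), the function names and the sample masks are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: supported INTRODUCE versions are a bitmask, bit N = version N. */
#define INTRO_VERSION_BIT(v) (1u << (v))

/* Order as the ticket describes it: v3, then v2, otherwise v0,
 * without checking that v0 is advertised at all. */
static int choose_intro_version_legacy(uint32_t protocols)
{
    if (protocols & INTRO_VERSION_BIT(3)) return 3;
    if (protocols & INTRO_VERSION_BIT(2)) return 2;
    return 0; /* unconditional fallback */
}

/* Strict variant: return the highest version that is both advertised by
 * the descriptor and implemented by the client, or -1 if there is none,
 * so the caller can fail the attempt instead of sending an unadvertised
 * cell format. */
static int choose_intro_version_strict(uint32_t protocols,
                                       uint32_t client_supported)
{
    uint32_t common = protocols & client_supported;
    for (int v = 3; v >= 0; v--) {
        if (common & INTRO_VERSION_BIT(v)) return v;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample masks: v2+v3, v2 only, v1 only, nothing. */
    const uint32_t samples[] = { 0x0C, 0x04, 0x02, 0x00 };
    /* Client with the v0/v1 code removed, as the ticket proposes. */
    const uint32_t client = INTRO_VERSION_BIT(2) | INTRO_VERSION_BIT(3);

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("protocols=0x%02x legacy=v%d strict=%d\n",
               (unsigned)samples[i],
               choose_intro_version_legacy(samples[i]),
               choose_intro_version_strict(samples[i], client));
    }
    return 0;
}
```

With the v0/v1 code gone, the strict variant gives the client a defined failure path for a descriptor that advertises neither v2 nor v3.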

