[tor-bugs] #18938 [Core Tor/Tor]: Authorities should reject non-ASCII content in ExtraInfo descriptors

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 30 00:45:49 UTC 2016


#18938: Authorities should reject non-ASCII content in ExtraInfo descriptors
------------------------------+--------------------------
     Reporter:  teor          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.2.???
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  029-proposed
Actual Points:                |  Parent ID:  #18656
       Points:  small         |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------
 In #18656, we discovered that authorities don't validate that ExtraInfo
 descriptors are printable ASCII before accepting them.

 Authorities (and HSDirs) should check that every directory document they
 receive consists only of "printing ASCII", as defined in torspec:
 {{{
     NL = The ascii LF character (hex value 0x0a).
     KeywordChar ::= 'A' ... 'Z' | 'a' ... 'z' | '0' ... '9' | '-'
     ArgumentChar ::= any printing ASCII character except NL.
     WS = (SP | TAB)+
 }}}

 I've heard others say that the following lines allow non-ASCII content,
 but I'm not sure if that's actually the case, and if it is, how many
 relays this would affect:
 * the "platform" line in relay descriptors, which is a "human-readable
 string",
 * the contact "info" line in relay descriptors, which has an undefined
 format.

 If it is, I'd recommend we make them all ASCII for consistency, and update
 torspec to clarify, and include it as a "major" change in an 0.2.x tor
 release.

 (This means that some users will be unable to spell their names correctly.
 But there was never any guarantee that 8-bit characters in "info" would be
 interpreted as users intended. I think security is more important here.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18938>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
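
Added example, not part of the original ticket and not Tor's own code: a byte-level check of the kind the ticket asks authorities to perform, rejecting any byte outside the quoted torspec character classes. The function name `doc_find_bad_byte`, the reading of "printing ASCII" as bytes 0x20 to 0x7e, and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: "printing ASCII" means bytes 0x20..0x7e (SP through '~'). */
static int is_printing_ascii(unsigned char c) {
  return c >= 0x20 && c <= 0x7e;
}

/* Hypothetical helper. Scans exactly len bytes; the input is not treated as
 * a C string, so an embedded NUL is seen rather than ending the check early.
 * Accepts printing ASCII, TAB (part of WS) and NL. Returns 0 if the document
 * is clean; otherwise returns 1 and stores the 1-based line and column of
 * the first rejected byte. */
int doc_find_bad_byte(const unsigned char *doc, size_t len,
                      size_t *line_out, size_t *col_out) {
  size_t line = 1, col = 1;
  for (size_t i = 0; i < len; i++, col++) {
    unsigned char c = doc[i];
    if (c == '\n') { line++; col = 0; continue; }
    if (c == '\t' || is_printing_ascii(c)) continue;
    *line_out = line;
    *col_out = col;
    return 1;
  }
  return 0;
}

/* Constructed sample inputs, not real descriptors. */
static const unsigned char CLEAN[] = "platform Tor on Linux\ncontact ops at example\n";
static const unsigned char UTF8[] = "platform Tor on Linux\ncontact Jos\xc3\xa9\n";
static const unsigned char WITH_NUL[] = "extra-info test\0 x\n";
static const unsigned char CRLF[] = "platform Tor on Linux\r\n";

int main(void) {
  const struct { const char *name; const unsigned char *d; size_t n; } t[] = {
    {"clean", CLEAN, sizeof CLEAN - 1}, {"utf8", UTF8, sizeof UTF8 - 1},
    {"nul", WITH_NUL, sizeof WITH_NUL - 1}, {"crlf", CRLF, sizeof CRLF - 1},
  };
  for (size_t i = 0; i < sizeof t / sizeof t[0]; i++) {
    size_t line = 0, col = 0;
    if (doc_find_bad_byte(t[i].d, t[i].n, &line, &col))
      printf("%s: reject, line %zu col %zu\n", t[i].name, line, col);
    else
      printf("%s: accept\n", t[i].name);
  }
  return 0;
}
```

Under these assumptions a carriage return is rejected as well, since the quoted grammar defines NL as LF only.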

