[tor-bugs] #18029 [Tor]: ADD_ONION doesn't validate its target
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 11 00:36:03 UTC 2016
#18029: ADD_ONION doesn't validate its target
------------------------+-----------------
Reporter: atagar | Owner:
Type: defect | Status: new
Priority: Low | Milestone:
Component: Tor | Version:
Severity: Minor | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
------------------------+-----------------
The target ADD_ONION accepts is documented as matching
[https://www.torproject.org/docs/tor-manual.html.en#HiddenServicePort
HiddenServicePort] but evidently doesn't validate that it's given a valid
address...
{{{
>>> GETINFO version
250-version=0.2.7.6-dev (git-b34c5c6b8ac0d13d)
250 OK
>>> ADD_ONION NEW:BEST Port=4567,not_an_address:4567
250-ServiceID=4e5bpsy6e46onv3k
250-PrivateKey=RSA1024:[crypto blob]
250 OK
}}}
Honestly I'm a tad mystified since this is breaking Stem's integ tests,
but only started manifesting after I reformatted my system yesterday. I'd
expect our Jenkins tests to be failing so this might be something local,
but if so I'm stumped.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18029>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list