[tor-bugs] #18938 [Core Tor/Tor]: Authorities should reject non-ASCII content in ExtraInfo descriptors
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jul 8 00:13:27 UTC 2016
#18938: Authorities should reject non-ASCII content in ExtraInfo descriptors
----------------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: needs-proposal-maybe | Actual Points:
Parent ID: #18656 | Points: 1
Reviewer: | Sponsor:
----------------------------------+------------------------------------
Comment (by teor):
Replying to [comment:7 Sebastian]:
> Seems we're moving rather fast with this, shouldn't we first warn the
relay operators about it? How many relays does this affect?
It affects no relay descriptors, and the one relay extrainfo that agagar
mentioned.
`grep "[^A-Za-z0-9:*/@.=+ <>\[\]_,-.]" cached-descriptors` returns no
lines. And we'd use a less restrictive set of ASCII characters `space
through ~`.
I can't even find the platform line that caused the issue in Atlas, so I
wonder if it's an Atlas bug. The most recent descriptor for it has a
normal platform line:
https://collector.torproject.org/recent/relay-descriptors/server-
descriptors/2016-07-06-06-05-14-server-descriptors
I'm happy to reject it on the relay side in one release, and then have
authorities reject it later. But given it affects 1-2 relays out of 7000,
I would also be happy to fix it simultaneously on authorities and clients.
If we use nickm's simpler fix where authorities reject non-ASCII
documents, it would only take effect after a majority of authorities
upgraded to 0.2.9, or all authorities upgraded to 0.2.9, depending on
where we do the check.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18938#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list