[tor-bugs] #18938 [Core Tor/Tor]: Authorities should reject non-ASCII content in ExtraInfo descriptors
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jul 8 00:19:02 UTC 2016
#18938: Authorities should reject non-ASCII content in ExtraInfo descriptors
----------------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: needs-proposal-maybe | Actual Points:
Parent ID: #18656 | Points: 1
Reviewer: | Sponsor:
----------------------------------+------------------------------------
Comment (by Sebastian):
I don't like Nick's easy fix I think. The dirauths that upgrade often are
also the ones that do the important stuff (badexit, bwauth) so you might
be able to ensure you don't get the badexit flag by putting non-ascii into
your descriptor.
To the parser argument, I kinda think the ship has sailed for anything
that wants to be able to parse historic descriptors. I'm still in favor of
not allowing arbitrary bytes in contact info going forward, but I think we
should have it in relays before we have it in dirauths.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18938#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list