[tor-bugs] #27316 [Core Tor/Tor]: protover.c accepts arbitrary bytes in protocol names

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 25 19:18:59 UTC 2018


#27316: protover.c accepts arbitrary bytes in protocol names
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  (none)
  cyberpunks             |
         Type:  defect   |     Status:  new
     Priority:  Medium   |  Milestone:
    Component:  Core     |    Version:  Tor: 0.2.9.4-alpha
  Tor/Tor                |   Keywords:  protover, 029-backport,
     Severity:  Normal   |  032-backport, 033-backport, 034-backport,
                         |  unicode
Actual Points:           |  Parent ID:
       Points:           |   Reviewer:
      Sponsor:           |
-------------------------+-------------------------------------------------
 [https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt dir-spec.txt]
 defines a protocol name as a Keyword, and strictly limits what character
 set is allowed in a Keyword:
 {{{
     Keyword = KeywordChar+
     KeywordChar ::= 'A' ... 'Z' | 'a' ... 'z' | '0' ... '9' | '-'
 }}}

 But `"Foo_Bar=1"`, `",,,=1"`, and arbitrary Unicode strings like
 `"Risqu\u00e9=1"` are accepted. Bytes that aren't even valid Unicode like
 `"\xc1=1"` are also fine, as long as no bytes are the null byte, `=`, or
 the space character.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27316>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list