[tor-bugs] #27367 [Core Tor/Tor]: Authorities and relays should reject non-UTF-8 in relay descriptors
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 30 15:13:54 UTC 2018
#27367: Authorities and relays should reject non-UTF-8 in relay descriptors
-------------------------------------------------+-------------------------
Reporter: teor | Owner: (none)
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.6.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: rust-wants, prop285, | Actual Points:
034-triage-20180328, 034-removed-20180328 |
Parent ID: #24033 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cyberpunks):
Replying to [comment:7 teor]:
> Since the UTF-8 checking function accepts a length, we should probably
also check for NUL. If we fail on the first NUL, this check becomes a
last-ditch memory safety check, as most bytes in RAM are NUL.
>
> We should probably also log a bug warning if the function encounters a
NUL byte:
Receiving a NUL byte isn't a bug though. This function is processing
untrusted input from `fetch_from_buf_http()` that might contain anything
including NUL bytes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27367#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list