[tor-bugs] #26037 [Core Tor/Tor]: DirAuths should check vote signatures before parsing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 13 16:53:18 UTC 2018
#26037: DirAuths should check vote signatures before parsing
--------------------------------------+------------------------------------
Reporter: isis | Owner: Samdney
Type: defect | Status: assigned
Priority: Medium | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-security, tor-crypto | Actual Points:
Parent ID: | Points: 2
Reviewer: | Sponsor:
--------------------------------------+------------------------------------
Comment (by Samdney):
I read me through the necessary part of the code for this ticket and it
turned out two topics for me:
1. In networkstatus_parse_vote_from_string() (tor/src/or/routerparse.c):
It does all the parsing and the signatur verification happens very late.
=> This verification should be moved to an earlier point
=> Should we separate this part from the current
networkstatus_parse_vote_from_string() function? Or only moving within
networkstatus_parse_vote_from_string() to an earlier point?
2. The ticket also mentioned the trusteddirserver_get_by_v3_auth_digest()
(tor/src/or/routerparse.c):
From my spontenous thinking, it would be better it could happen before
networkstatus_parse_vote_from_string(), but of course we have some
dependences here from networkstatus_parse_vote_from_string().
I need some input for the best strategy/respectively what would you
prefer.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26037#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list