[tor-commits] [tor/master] hs: Ignore unparseable v3 introduction point

nickm at torproject.org nickm at torproject.org
Wed Jul 5 13:44:15 UTC 2017


commit 82dee76740062c00e98a7005f773672065abcf96
Author: David Goulet <dgoulet at torproject.org>
Date:   Wed May 10 09:40:26 2017 -0400

    hs: Ignore unparseable v3 introduction point
    
    It is possible that at some point in time a client will encounter unknown or
    new fields for an introduction point in a descriptor so let them ignore it for
    forward compatibility.
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/or/hs_descriptor.c | 27 +++++++++------------------
 src/or/hs_descriptor.h |  3 ---
 2 files changed, 9 insertions(+), 21 deletions(-)

diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 2a000f5..b55f966 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -1747,18 +1747,13 @@ decode_introduction_point(const hs_descriptor_t *desc, const char *start)
 
 /* Given a descriptor string at <b>data</b>, decode all possible introduction
  * points that we can find. Add the introduction point object to desc_enc as we
- * find them. Return 0 on success.
- *
- * On error, a negative value is returned. It is possible that some intro
- * point object have been added to the desc_enc, they should be considered
- * invalid. One single bad encoded introduction point will make this function
- * return an error. */
-STATIC int
+ * find them. This function can't fail and it is possible that zero
+ * introduction points can be decoded. */
+static void
 decode_intro_points(const hs_descriptor_t *desc,
                     hs_desc_encrypted_data_t *desc_enc,
                     const char *data)
 {
-  int retval = -1;
   smartlist_t *chunked_desc = smartlist_new();
   smartlist_t *intro_points = smartlist_new();
 
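Review bot: The new header comment for decode_intro_points() says the function can't fail, but it does not say what happens to an introduction point that fails to parse, which is the behaviour callers now depend on. I would extend it along the lines of `Introduction points that fail to parse are skipped, so desc_enc may end up with fewer entries than the descriptor lists, or none.` The change from `STATIC` to `static`, together with the prototype removed from hs_descriptor.h, presumably means unit tests can no longer call this function directly, so it is worth confirming that the skip path is still covered through the caller. The function body continues outside this hunk.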
@@ -1799,22 +1794,19 @@ decode_intro_points(const hs_descriptor_t *desc,
   SMARTLIST_FOREACH_BEGIN(intro_points, const char *, intro_point) {
     hs_desc_intro_point_t *ip = decode_introduction_point(desc, intro_point);
     if (!ip) {
-      /* Malformed introduction point section. Stop right away, this
-       * descriptor shouldn't be used. */
-      goto err;
+      /* Malformed introduction point section. We'll ignore this introduction
+       * point and continue parsing. New or unknown fields are possible for
+       * forward compatibility. */
+      continue;
     }
     smartlist_add(desc_enc->intro_points, ip);
   } SMARTLIST_FOREACH_END(intro_point);
 
  done:
-  retval = 0;
-
- err:
   SMARTLIST_FOREACH(chunked_desc, char *, a, tor_free(a));
   smartlist_free(chunked_desc);
   SMARTLIST_FOREACH(intro_points, char *, a, tor_free(a));
   smartlist_free(intro_points);
-  return retval;
 }
 /* Return 1 iff the given base64 encoded signature in b64_sig from the encoded
  * descriptor in encoded_desc validates the descriptor content. */
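Review bot: The `continue` in the `if (!ip)` branch drops a malformed introduction point without any log line, so a descriptor whose introduction points were all rejected looks the same afterwards as one that listed none. Every NULL from decode_introduction_point() is treated as a forward-compatibility case, although that function's body is not visible here and presumably also returns NULL for failed certificate or signature checks. A line such as `log_info(LD_REND, "Unparseable introduction point in descriptor, skipping it.");` before the `continue` would keep those cases visible when diagnosing unreachable services. The start of decode_intro_points() lies outside this hunk.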
@@ -2040,9 +2032,8 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc,
   /* Initialize the descriptor's introduction point list before we start
    * decoding. Having 0 intro point is valid. Then decode them all. */
   desc_encrypted_out->intro_points = smartlist_new();
-  if (decode_intro_points(desc, desc_encrypted_out, message) < 0) {
-    goto err;
-  }
+  decode_intro_points(desc, desc_encrypted_out, message);
+
   /* Validation of maximum introduction points allowed. */
   if (smartlist_len(desc_encrypted_out->intro_points) > MAX_INTRO_POINTS) {
     log_warn(LD_REND, "Service descriptor contains too many introduction "
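Review bot: The `MAX_INTRO_POINTS` check after the call now counts only the introduction points that parsed, because decode_intro_points() skips the rest, so the limit no longer bounds how many introduction point sections a descriptor may carry. If nothing earlier caps the section count (not visible in this hunk), consider applying the limit to the number of sections found rather than to `smartlist_len(desc_encrypted_out->intro_points)`. At minimum the comment above the check should say so, e.g. `/* Validation of maximum introduction points allowed; unparseable ones were skipped and are not counted. */`. desc_decode_encrypted_v3() starts and ends outside this hunk.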
diff --git a/src/or/hs_descriptor.h b/src/or/hs_descriptor.h
index b8b9479..58c4089 100644
--- a/src/or/hs_descriptor.h
+++ b/src/or/hs_descriptor.h
@@ -223,9 +223,6 @@ STATIC smartlist_t *decode_link_specifiers(const char *encoded);
 STATIC hs_desc_intro_point_t *decode_introduction_point(
                                 const hs_descriptor_t *desc,
                                 const char *text);
-STATIC int decode_intro_points(const hs_descriptor_t *desc,
-                               hs_desc_encrypted_data_t *desc_enc,
-                               const char *data);
 STATIC int encrypted_data_length_is_valid(size_t len);
 STATIC int cert_is_valid(tor_cert_t *cert, uint8_t type,
                          const char *log_obj_type);




