tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit 3890ad25787ad6142acd65d064168ead53e9a289
parent 103dd68ba8e1d0780dee1ef1c02ccd2ed6cc0542
Author: rl1987 <rl1987@sdf.lonestar.org>
Date:   Tue, 28 Aug 2018 18:32:31 +0300

Stricter HiddenServicePort parsing

Diffstat:

Achanges/bug27044 | 5+++++


Msrc/feature/rend/rendservice.c | 8++++++++


Msrc/test/test_controller.c | 7+++++++


Msrc/test/test_hs_config.c | 14++++++++++++++


4 files changed, 34 insertions(+), 0 deletions(-)

diff --git a/changes/bug27044 b/changes/bug27044
@@ -0,0 +1,5 @@
+  o Minor bugfixes (configuration, Onion Services):
+    - In rend_service_parse_port_config(), disallow any input to
+      remain after address-port pair was parsed. This will catch
+      address and port being whitespace-separated by mistake of
+      the user. Fixes bug 27044; bugfix on 0.2.9.10.
diff --git a/src/feature/rend/rendservice.c b/src/feature/rend/rendservice.c
@@ -451,11 +451,19 @@ rend_service_parse_port_config(const char *string, const char *sep,
     int is_unix;
     ret = port_cfg_line_extract_addrport(addrport_element, &addrport,
                                          &is_unix, &rest);
+
     if (ret < 0) {
       tor_asprintf(&err_msg, "Couldn't process address <%s> from hidden "
                    "service configuration", addrport_element);
       goto err;
     }
+
+    if (rest && strlen(rest)) {
+      err_msg = tor_strdup("HiddenServicePort parse error: invalid port "
+                           "mapping");
+      goto err;
+    }
+
     if (is_unix) {
       socket_path = addrport;
       is_unix_addr = 1;
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
@@ -346,6 +346,13 @@ test_rend_service_parse_port_config(void *arg)
             "in hidden service port configuration.");
   tor_free(err_msg);
 
+  /* Wrong target address and port separation */
+  cfg = rend_service_parse_port_config("80,127.0.0.1 1234", sep,
+                                       &err_msg);
+  tt_ptr_op(cfg, OP_EQ, NULL);
+  tt_assert(err_msg);
+  tor_free(err_msg);
+
  done:
   rend_service_port_config_free(cfg);
   tor_free(err_msg);
diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c
@@ -139,6 +139,20 @@ test_invalid_service(void *arg)
     teardown_capture_of_logs();
   }
 
+  /* Bad target addr:port separation. */
+  {
+    const char *conf =
+      "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
+      "HiddenServiceVersion 2\n"
+      "HiddenServicePort 80 127.0.0.1 8000\n";
+    setup_full_capture_of_logs(LOG_WARN);
+    ret = helper_config_service(conf, 1);
+    tt_int_op(ret, OP_EQ, -1);
+    expect_log_msg_containing("HiddenServicePort parse error: "
+                              "invalid port mapping");
+    teardown_capture_of_logs();
+  }
+
   /* Out of order directives. */
   {
     const char *conf =