tor

The Tor anonymity network

commit f69510ba4b196ed40fce64f24b5b7799b68d182b
parent f6a230ec9555688d61db37eb22c8823619332d83
Author: Nick Mathewson <nickm@torproject.org>
Date:   Thu, 15 Feb 2018 08:37:19 -0500

Rust protover compat: forbid more than MAX_VERSIONS_TO_EXPAND in a range

Also correct MAX_VERSIONS_TO_EXPAND to match the C.

NOTE that this patch leads to incorrect behavior: the C code allows
huge ranges; it just doesn't allow votes on them (currently).  For
full compatibility, we'll need to make the rust code store ranges as
ranges natively, possibly using something like the range_map crate.

Still, this patch is smaller than a "proper" fix.

Fixes TROVE-2018-003.

Diffstat:
Msrc/rust/protover/protover.rs | 15++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs
@@ -23,7 +23,7 @@ const FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS: &'static str = "0.2.9.3-alpha";
 /// before concluding that someone is trying to DoS us
 ///
 /// C_RUST_COUPLED: src/or/protover.c `MAX_PROTOCOLS_TO_EXPAND`
-const MAX_PROTOCOLS_TO_EXPAND: u32 = 500;
+const MAX_PROTOCOLS_TO_EXPAND: usize = (1<<16);
 /// Currently supported protocols and their versions, as a byte-slice.
 ///
@@ -209,7 +209,7 @@ impl Versions {
 )?);
 }
- if versions.len() > MAX_PROTOCOLS_TO_EXPAND as usize {
+ if versions.len() > MAX_PROTOCOLS_TO_EXPAND {
 return Err("Too many versions to expand");
 }
 }
@@ -448,7 +448,13 @@ fn expand_version_range(range: &str) -> Result<Range<u32>, &'static str> {
 ))?;
 // We can use inclusive range syntax when it becomes stable.
- Ok(lower..higher + 1)
+ let result = lower..higher + 1;
+
+ if result.len() > MAX_PROTOCOLS_TO_EXPAND {
+ Err("Too many protocols in expanded range")
+ } else {
+ Ok(result)
+ }
 }
 /// Checks to see if there is a continuous range of integers, starting at the
@@ -862,6 +868,9 @@ mod test {
 Err("cannot parse protocol range upper bound"),
 expand_version_range("1-a")
 );
+ assert_eq!(Ok(1000..66536), expand_version_range("1000-66535"));
+ assert_eq!(Err("Too many protocols in expanded range"),
+ expand_version_range("1000-66536"));
 }
 #[test]
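Review bot: The doc comment above `MAX_PROTOCOLS_TO_EXPAND` (first hunk) no longer covers everything the constant bounds, because this commit also uses it to cap a single range in `expand_version_range`, next to the existing `versions.len()` check in `impl Versions`. I would add a line such as `/// Also the largest number of versions a single range may expand to.` As a style point, the parentheses in `(1<<16)` are redundant; `1 << 16` is the usual rustfmt spelling. The comment begins above the hunk, so its opening line is not visible here.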
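Review bot: `higher + 1` in `expand_version_range` (third hunk) is evaluated before the new length check, so an upper bound of `u32::MAX` overflows: a panic in builds with overflow checks, and a wrap to 0 otherwise, which yields an empty range that passes the `len()` test. The addition should be checked, e.g. `let upper = higher.checked_add(1).ok_or("Too many protocols in expanded range")?;` followed by `let result = lower..upper;`. A range whose lower bound exceeds its upper bound also has `len() == 0` and is returned as `Ok`, unless it is rejected in the part of the function above the hunk. The test hunk covers only the 65536/65537 boundary; a case with the upper bound at `u32::MAX` would pin this behaviour down.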