When examining descriptors as a dirserver, reject ones with bad versions

This is an extra fix for bug 21278: it ensures that these
descriptors and platforms will never be listed in a legit consensus.

diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention
new file mode 100644 (file)
index 0000000..e07f0a6
--- /dev/null
+++ b/changes/bug21278_prevention
@@ -0,0 +1,4 @@
+  o Minor features (directory authority):
+    - Directory authorities now reject descriptors that claim to be
+      malformed versions of Tor. Helps prevent exploitation of bug 21278.
+      

diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 1b614b949e08fffda395347426363dd8a11db713..fa3938b5ec7048a667280c8599e8fd0cf0196667 100644 (file)
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -365,6 +365,16 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
             strmap_size(fingerprint_list->fp_by_name),
             digestmap_size(fingerprint_list->status_by_digest));
 
+  if (platform) {
+    tor_version_t ver_tmp;
+    if (tor_version_parse_platform(platform, &ver_tmp, 1) < 0) {
+      if (msg) {
+        *msg = "Malformed platform string.";
+      }
+      return FP_REJECT;
+    }
+  }
+
   /* Versions before Tor 0.2.4.18-rc are too old to support, and are
    * missing some important security fixes too. Disable them. */
   if (platform && !tor_version_as_new_as(platform,"0.2.4.18-rc")) {