From a02eef2a1958dc40a3f82a656f6c3562094b79b9 Mon Sep 17 00:00:00 2001 From: trinity-1686a Date: Sun, 8 Oct 2023 14:23:29 +0200 Subject: [PATCH] reject MinimalAcceptedServerVersion which would reject current version and fix memory leak on reload error path --- src/feature/dirauth/dirauth_config.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index 826b0431d7..862ea9dafe 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -16,6 +16,7 @@ #include "lib/encoding/confline.h" #include "lib/confmgt/confmgt.h" #include "lib/conf/confdecl.h" +#include "lib/version/torversion.h" /* Required for dirinfo_type_t in or_options_t */ #include "core/or/or.h" @@ -442,7 +443,22 @@ dirauth_options_validate(const void *arg, char **msg) REJECT("Guard bandwdith threshold fraction is invalid."); } + if (tor_version_parse(options->MinimalAcceptedServerVersion, + &minimal_accepted_server_version) != 0) { + REJECT("Invalid MinimalAcceptedServerVersion"); + } + + tor_assertf(tor_version_parse(get_short_version(), + &recommended_version) == 0, + "We failed to parse our own version"); + if (tor_version_compare(&recommended_version, + &minimal_accepted_server_version) < 0) { + REJECT("MinimalAcceptedServerVersion wants to reject the version " + "this node is running"); + } + char *recommended_versions; + int found_recommended_rejected_version = 0; /* Call these functions to produce warnings only. */ recommended_versions = format_recommended_version_list( options->RecommendedClientVersions, 1); @@ -451,11 +467,6 @@ dirauth_options_validate(const void *arg, char **msg) recommended_versions = format_recommended_version_list( options->RecommendedServerVersions, 1); - if (tor_version_parse(options->MinimalAcceptedServerVersion, - &minimal_accepted_server_version) != 0) { - REJECT("Invalid MinimalAcceptedServerVersion"); - } - smartlist_t *version_sl = smartlist_new(); smartlist_split_string(version_sl, recommended_versions, ",", SPLIT_SKIP_SPACE, 0); @@ -468,8 +479,7 @@ dirauth_options_validate(const void *arg, char **msg) if (tor_version_compare(&recommended_version, &minimal_accepted_server_version) < 0) { - REJECT("MinimalAcceptedServerVersion wants to reject a recommended " - "version"); + found_recommended_rejected_version = 1; break; } } SMARTLIST_FOREACH_END(version); @@ -477,6 +487,9 @@ dirauth_options_validate(const void *arg, char **msg) SMARTLIST_FOREACH(version_sl, char *, version, tor_free(version)); smartlist_free(version_sl); tor_free(recommended_versions); + if (found_recommended_rejected_version) + REJECT("MinimalAcceptedServerVersion wants to reject a recommended " + "version"); if (options->TestingAuthDirTimeToLearnReachability > 2*60*60) { COMPLAIN("TestingAuthDirTimeToLearnReachability is insanely high."); -- 2.47.3