From 460b97380bdb7187c2b2e924aa1a2940afd6035d Mon Sep 17 00:00:00 2001 From: Neel Chauhan Date: Thu, 5 Dec 2019 19:06:35 -0500 Subject: [PATCH 1/2] Reject 0.2.9 and 0.4.0 in dirserv_rejects_tor_version() --- changes/ticket32672 | 4 ++++ src/feature/dirauth/process_descs.c | 21 ++++++++++----------- 2 files changed, 14 insertions(+), 11 deletions(-) create mode 100644 changes/ticket32672 diff --git a/changes/ticket32672 b/changes/ticket32672 new file mode 100644 index 0000000000..351329ba2e --- /dev/null +++ b/changes/ticket32672 @@ -0,0 +1,4 @@ + o Minor features (directory authorities): + - Directory authorities now reject descriptors from relays running Tor + versions from the 0.2.9 and 0.4.0 series, but still allow the 0.3.5 + series. Resolves ticket 32672. Patch by Neel Chauhan. diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c index 760560a5d9..b4dbc8975b 100644 --- a/src/feature/dirauth/process_descs.c +++ b/src/feature/dirauth/process_descs.c @@ -326,22 +326,21 @@ dirserv_rejects_tor_version(const char *platform, static const char please_upgrade_string[] = "Tor version is insecure or unsupported. Please upgrade!"; - /* Versions before Tor 0.2.9 are unsupported. Versions between 0.2.9.0 and - * 0.2.9.4 suffer from bug #20499, where relays don't keep their consensus - * up to date */ - if (!tor_version_as_new_as(platform,"0.2.9.5-alpha")) { + /* Versions before Tor 0.3.5 are unsupported. + * + * Also, reject unstable versions of 0.3.5, since (as of this writing) + * they are almost none of the network. */ + if (!tor_version_as_new_as(platform,"0.3.5.7")) { if (msg) *msg = please_upgrade_string; return true; } - /* Series between Tor 0.3.0 and 0.3.4 inclusive are unsupported, and some - * have bug #27841, which makes them broken as intro points. Reject them. - * - * Also reject unstable versions of 0.3.5, since (as of this writing) - * they are almost none of the network. */ - if (tor_version_as_new_as(platform,"0.3.0.0-alpha-dev") && - !tor_version_as_new_as(platform,"0.3.5.7")) { + /* Series between Tor 0.3.6 and 0.4.1.4-rc inclusive are unsupported. + * Reject them. 0.3.6.0-alpha-dev only existed for a short time, before + * it was renamed to 0.4.0.0-alpha-dev. */ + if (tor_version_as_new_as(platform,"0.3.6.0-alpha-dev") && + !tor_version_as_new_as(platform,"0.4.1.5")) { if (msg) { *msg = please_upgrade_string; } From 612c40bc39237fb28a98a7e43ca4abaf139d091c Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 16 Mar 2020 10:42:40 -0400 Subject: [PATCH 2/2] Adjust unit tests for patch for 32672 (rejecting old version) Patch by Neel Chauhan. --- src/test/test_process_descs.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/test/test_process_descs.c b/src/test/test_process_descs.c index 7dc9abde31..409e662069 100644 --- a/src/test/test_process_descs.c +++ b/src/test/test_process_descs.c @@ -20,13 +20,10 @@ test_process_descs_versions(void *arg) { "Tor 0.1.2.3-alpha", true }, // a non-tor program: don't reject. { "Wombat 0.1.2.3-alpha", false }, - // a slightly old version: reject - { "Tor 0.2.9.4-alpha", true }, - // a slightly old version: just new enough to support. - { "Tor 0.2.9.5-alpha", false }, - // a newer 0.2.9 version: supported. - { "Tor 0.2.9.100", false }, // some unsupported versions: reject. + { "Tor 0.2.9.4-alpha", true }, + { "Tor 0.2.9.5-alpha", true }, + { "Tor 0.2.9.100", true }, { "Tor 0.3.0.0-alpha-dev", true }, { "Tor 0.3.0.2-alpha", true }, { "Tor 0.3.0.5", true }, @@ -37,11 +34,17 @@ test_process_descs_versions(void *arg) { "Tor 0.3.4.100", true }, { "Tor 0.3.5.1-alpha", true }, { "Tor 0.3.5.6-rc", true}, + { "Tor 0.4.0.1-alpha", true }, + { "Tor 0.4.0.5", true }, + { "Tor 0.4.1.1-alpha", true }, + { "Tor 0.4.1.4-rc", true }, // new enough to be supported { "Tor 0.3.5.7", false }, { "Tor 0.3.5.8", false }, - { "Tor 0.4.0.1-alpha", false }, { "Tor 0.4.1.5", false }, + { "Tor 0.4.2.1-alpha", false }, + { "Tor 0.4.2.4-rc", false }, + { "Tor 0.4.3.0-alpha-dev", false }, // Very far in the future { "Tor 100.100.1.5", false }, };