Merge branch 'maint-0.3.5'

2024-11-24 12:23:32 +01:00 · 2018-10-30 10:55:10 -04:00 · 2018-10-30 10:55:10 -04:00 · cdb065d6b2
commit cdb065d6b2
parent 6ba7f9f0a4 9b72dca953
4 changed files with 45 additions and 11 deletions
--- a/changes/bug28127
+++ b/changes/bug28127
@ -0,0 +1,7 @@
+  o Minor bugfixes (onion services):
+    - Unless we have explicitly set HiddenServiceVersion, detect the onion
+      service version and then look for invalid options. Previously, we
+      did the reverse, but that broke existing configs which were pointed
+      to a v2 hidden service and had options like HiddenServiceAuthorizeClient
+      set Fixes bug 28127; bugfix on 0.3.5.1-alpha. Patch by Neel Chauhan.
+
--- a/src/feature/hs/hs_config.c
+++ b/src/feature/hs/hs_config.c
@ -419,7 +419,7 @@ config_generic_service(const config_line_t *line_,
          dup_opt_seen = line->key;
        goto err;
      }
-      have_version = 1;
+      have_version = service->config.hs_version_explicitly_set = 1;
      continue;
    }
    /* Virtual port. */
@ -534,18 +534,15 @@ config_service(const config_line_t *line, const or_options_t *options,

  /* We have a new hidden service. */
  service = hs_service_new(options);
+
  /* We'll configure that service as a generic one and then pass it to a
   * specific function according to the configured version number. */
  if (config_generic_service(line, options, service) < 0) {
    goto err;
  }
+
  tor_assert(service->config.version <= HS_VERSION_MAX);
-  /* Before we configure the service on a per-version basis, we'll make
-   * sure that this set of options for a service are valid that is for
-   * instance an option only for v2 is not used for v3. */
-  if (config_has_invalid_options(line->next, service)) {
-    goto err;
-  }
+
  /* Check permission on service directory that was just parsed. And this must
   * be done regardless of the service version. Do not ask for the directory
   * to be created, this is done when the keys are loaded because we could be
@ -556,11 +553,19 @@ config_service(const config_line_t *line, const or_options_t *options,
                                   0) < 0) {
    goto err;
  }
+
  /* We'll try to learn the service version here by loading the key(s) if
-   * present. Depending on the key format, we can figure out the service
-   * version. If we can't find a key, the configuration version will be used
-   * which has been set previously. */
-  service->config.version = config_learn_service_version(service);
+   * present and we did not set HiddenServiceVersion. Depending on the key
+   * format, we can figure out the service version. */
+  if (!service->config.hs_version_explicitly_set) {
+    service->config.version = config_learn_service_version(service);
+  }
+
+  /* We make sure that this set of options for a service are valid that is for
+   * instance an option only for v2 is not used for v3. */
+  if (config_has_invalid_options(line->next, service)) {
+    goto err;
+  }

  /* Different functions are in charge of specific options for a version. We
   * start just after the service directory line so once we hit another
@ -580,13 +585,16 @@ config_service(const config_line_t *line, const or_options_t *options,
  if (ret < 0) {
    goto err;
  }
+
  /* We'll check if this service can be kept depending on the others
   * configured previously. */
  if (service_is_duplicate_in_list(service_list, service)) {
    goto err;
  }
+
  /* Passes, add it to the given list. */
  smartlist_add(service_list, service);
+
  return 0;

 err:
--- a/src/feature/hs/hs_service.h
+++ b/src/feature/hs/hs_service.h
@ -178,6 +178,9 @@ typedef struct hs_service_config_t {
   * option. */
  uint32_t version;

+  /* Have we explicitly set HiddenServiceVersion? */
+  unsigned int hs_version_explicitly_set : 1;
+
  /* List of rend_service_port_config_t */
  smartlist_t *ports;

--- a/src/test/test_hs_config.c
+++ b/src/test/test_hs_config.c
@ -366,6 +366,22 @@ test_invalid_service_v3(void *arg)
    teardown_capture_of_logs();
  }

+  /* v2-specific HiddenServiceAuthorizeClient set. */
+  {
+    const char *conf =
+      "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n"
+      "HiddenServiceVersion 3\n"
+      "HiddenServiceAuthorizeClient stealth client1\n";
+    setup_full_capture_of_logs(LOG_WARN);
+    ret = helper_config_service(conf, validate_only);
+    tt_int_op(ret, OP_EQ, -1);
+    expect_log_msg_containing("Hidden service option "
+                              "HiddenServiceAuthorizeClient is incompatible "
+                              "with version 3 of service in "
+                              "/tmp/tor-test-hs-RANDOM/hs1");
+    teardown_capture_of_logs();
+  }
+
 done:
  ;
 }