Opened 9 months ago

Closed 9 months ago

#21261 closed defect (fixed)

goptlib should enforce the `TOR_PT_SERVER_BINDADDR` restriction.

Reported by: yawning Owned by: asn
Priority: Medium Milestone:
Component: Obfuscation/Pluggable transport Version:
Severity: Normal Keywords: goptlib
Cc: dcf Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Followup from #21136.

TOR_PT_SERVER_BINDADDR by spec is limited to one address+port per transport. goptlib should enforce this, and raise an ENV-ERROR if anyone tries to specify more than one.

I could add code in obfs4proxy to check for this, but it's a spec restriction, so goptlib doing the enforcement seems more appropriate.

Child Tickets

Attachments (1)

0001-Bug-21261-forbid-duplicate-method-names-in-TOR_PT_SE.patch (1.8 KB) - added by dcf 9 months ago.

Download all attachments as: .zip

Change History (4)

comment:1 Changed 9 months ago by dcf

Status: newneeds_review

Is this what you have in mind? attachment:0001-Bug-21261-forbid-duplicate-method-names-in-TOR_PT_SE.patch

I added a test case for when there is an exact duplicate of a transport—address pair. What should we do in this case? The patch treats it as an ENV-ERROR. The alternative is to collapse exact duplicates together. It depends on what the spec intends by "more than one pair."

TOR_PT_SERVER_BINDADDR=alpha-0.0.0.0:1234,alpha-0.0.0.0:1234

comment:2 Changed 9 months ago by yawning

Status: needs_reviewmerge_ready

Yeah that's basically how I would have done it. I think we shouldn't worry about de-duplication for now (just erroring out should be fine). I'd have to check if the tor code actually can even set such things.

comment:3 Changed 9 months ago by dcf

Resolution: fixed
Status: merge_readyclosed

Merged in f1569079ca.

Note: See TracTickets for help on using tickets.