Opened 2 years ago

Last modified 6 months ago

#22688 closed defect

HSDir3s should refuse direct client descriptor uploads and downloads, even if encrypted — at Initial Version

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, relay-safety, 034-triage-20180328, 034-removed-20180328
Cc: Actual Points: 0.2
Parent ID: Points: 0.2
Reviewer: Sponsor:


handle_post_hs_descriptor and handle_get_hs_descriptor_v3 should check that the connection is:

  • encrypted, and
  • not from a client (channel_is_client in and later correctly identifies unauthenticated peers, which are clients and bridges).

For extra safety, we can check if the circuit is from a relay.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.