#9007 closed defect (fixed)
TorBulkExitList.py doesn't support all ports (patch included)
Reported by: | Zarel | Owned by: | phobos |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Applications/Tor Check | Version: | |
Severity: | Keywords: | ||
Cc: | zarelsl@…, cathy@… | Actual Points: | |
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
https://svn.torproject.org/svn/check/trunk/cgi-bin/TorBulkExitList.py
has this block:
# Verify that the port is a number between 1 and 65535 # Otherwise return a sane default of 80 search = re.compile("^(?:[1-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|"+\ "65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$")
The comment is wrong; unfortunately; the regex fails for 4-digit-or-less numbers that contain 0
, such as 8000
, 102
, or even 80
. The only reason it supports port 80 at all is because it's the default. It declares port 80 invalid and uses the default of port 80 instead.
The least invasive fix would be to replace the third line with:
search = re.compile("^(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|"+\
Which makes the regex do what the comment suggests.
A better solution would be to use something other than a regex to determine if a number is in a range, but I'll leave that as an exercise for the reader. :P
Child Tickets
Attachments (1)
Change History (10)
Changed 7 years ago by
Attachment: | fixregex.diff added |
---|
comment:1 Changed 7 years ago by
Cc: | zarelsl@… added |
---|
comment:2 Changed 7 years ago by
Cc: | cathy@… added |
---|
comment:3 Changed 7 years ago by
Component: | - Select a component → TorDNSEL/TorBEL |
---|---|
Owner: | set to phobos |
Status: | new → assigned |
I can confirm that this is a bug and that the suggested fix is correct. I think phobos runs TorDNSEL these days, but I could be wrong. (If I'm wrong, please re-assign to whoever runs the thing.)
comment:4 Changed 7 years ago by
Owner: | phobos deleted |
---|
I take care of the haskell parts of tordnsel. This python thing is something else we don't use as far as I know.
comment:5 Changed 7 years ago by
For reference, it used here:
https://check.torproject.org/cgi-bin/TorBulkExitList.py
Which is linked to from here:
https://www.torproject.org/docs/faq-abuse.html.en#Bans
Which is the first Google result for "ban Tor" for most people.
comment:6 Changed 7 years ago by
I agree with Zarel that people might use this code. It's a trivial fix, we should simply add it to the repo. phobos, can you either commit the patch or give me commit privileges? Thanks!
comment:8 Changed 6 years ago by
Component: | TorDNSEL/TorBEL → Tor Check |
---|
I just noticed this ticket and applied it. I also updated the live cgi version, I think.
Sorry for the wait. And thanks!
comment:9 Changed 6 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
patch