TorBulkExitList.py doesn't support all ports (patch included)

[Zarel]

​https://svn.torproject.org/svn/check/trunk/cgi-bin/TorBulkExitList.py

has this block:

    # Verify that the port is a number between 1 and 65535
    # Otherwise return a sane default of 80
    search = re.compile("^(?:[1-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|"+\
                            "65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$")

The comment is wrong; unfortunately; the regex fails for 4-digit-or-less numbers that contain 0, such as 8000, 102, or even 80. The only reason it supports port 80 at all is because it's the default. It declares port 80 invalid and uses the default of port 80 instead.

The least invasive fix would be to replace the third line with:

    search = re.compile("^(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|"+\

Which makes the regex do what the comment suggests.

A better solution would be to use something other than a regex to determine if a number is in a range, but I'll leave that as an exercise for the reader. :P

[Zarel]

patch

[karsten]

I can confirm that this is a bug and that the suggested fix is correct. I think phobos runs TorDNSEL these days, but I could be wrong. (If I'm wrong, please re-assign to whoever runs the thing.)

[phobos]

I take care of the haskell parts of tordnsel. This python thing is something else we don't use as far as I know.

[Zarel]

For reference, it used here:

​https://check.torproject.org/cgi-bin/TorBulkExitList.py

Which is linked to from here:

​https://www.torproject.org/docs/faq-abuse.html.en#Bans

Which is the first Google result for "ban Tor" for most people.

[karsten]

I agree with Zarel that people might use this code. It's a trivial fix, we should simply add it to the repo. phobos, can you either commit the patch or give me commit privileges? Thanks!

[karsten]

phobos, please see my last comment.

[arma]

I just noticed this ticket and applied it. I also updated the live cgi version, I think.

Sorry for the wait. And thanks!