Opened 4 years ago

Closed 4 years ago

#9007 closed defect (fixed)

TorBulkExitList.py doesn't support all ports (patch included)

Reported by: Zarel Owned by: phobos
Priority: Medium Milestone:
Component: Applications/Tor Check Version:
Severity: Keywords:
Cc: zarelsl@…, cathy@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://svn.torproject.org/svn/check/trunk/cgi-bin/TorBulkExitList.py

has this block:

    # Verify that the port is a number between 1 and 65535
    # Otherwise return a sane default of 80
    search = re.compile("^(?:[1-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|"+\
                            "65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$")

The comment is wrong; unfortunately; the regex fails for 4-digit-or-less numbers that contain 0, such as 8000, 102, or even 80. The only reason it supports port 80 at all is because it's the default. It declares port 80 invalid and uses the default of port 80 instead.

The least invasive fix would be to replace the third line with:

    search = re.compile("^(?:[1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|"+\

Which makes the regex do what the comment suggests.

A better solution would be to use something other than a regex to determine if a number is in a range, but I'll leave that as an exercise for the reader. :P

Child Tickets

Attachments (1)

fixregex.diff (570 bytes) - added by Zarel 4 years ago.
patch

Download all attachments as: .zip

Change History (10)

Changed 4 years ago by Zarel

Attachment: fixregex.diff added

patch

comment:1 Changed 4 years ago by Zarel

Cc: zarelsl@… added

comment:2 Changed 4 years ago by cathyjf

Cc: cathy@… added

comment:3 Changed 4 years ago by karsten

Component: - Select a componentTorDNSEL/TorBEL
Owner: set to phobos
Status: newassigned

I can confirm that this is a bug and that the suggested fix is correct. I think phobos runs TorDNSEL these days, but I could be wrong. (If I'm wrong, please re-assign to whoever runs the thing.)

comment:4 Changed 4 years ago by phobos

Owner: phobos deleted

I take care of the haskell parts of tordnsel. This python thing is something else we don't use as far as I know.

comment:5 Changed 4 years ago by Zarel

For reference, it used here:

https://check.torproject.org/cgi-bin/TorBulkExitList.py

Which is linked to from here:

https://www.torproject.org/docs/faq-abuse.html.en#Bans

Which is the first Google result for "ban Tor" for most people.

comment:6 Changed 4 years ago by karsten

I agree with Zarel that people might use this code. It's a trivial fix, we should simply add it to the repo. phobos, can you either commit the patch or give me commit privileges? Thanks!

comment:7 Changed 4 years ago by karsten

Owner: set to phobos

phobos, please see my last comment.

comment:8 Changed 4 years ago by arma

Component: TorDNSEL/TorBELTor Check

I just noticed this ticket and applied it. I also updated the live cgi version, I think.

Sorry for the wait. And thanks!

comment:9 Changed 4 years ago by arma

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.