commit 7ffa95abd935fd6ac10abd96e8a8d14aa9035caf Author: J. Ryan Stinnett jryans@gmail.com Date: Sat Dec 3 21:06:30 2016 -0600

Clarify that ClientRejectInternalAddresses also rejects mDNS *.local hosts

Fixes #17070. --- changes/17070 | 4 ++++ doc/tor.1.txt | 3 ++- src/common/address.c | 3 ++- 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/changes/17070 b/changes/17070 new file mode 100644 index 0000000..ffe616f --- /dev/null +++ b/changes/17070 @@ -0,0 +1,4 @@ + o Documentation (SOCKS connections): + - Clarify that when `ClientRejectInternalAddresses` is enabled (which is the + default), multicast DNS hostnames for machines on the local network (of + the form *.local) are also rejected. Closes ticket 17070. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index aa3859e..c4219d9 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1414,7 +1414,8 @@ The following options are useful only for clients (that is, if If true, Tor does not try to fulfill requests to connect to an internal address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is specifically requested__ (for example, via a .exit hostname, or a - controller request). (Default: 1) + controller request). If true, multicast DNS hostnames for machines on the + local network (of the form *.local) are also rejected. (Default: 1)

[[DownloadExtraInfo]] **DownloadExtraInfo** **0**|**1**:: If true, Tor downloads and caches "extra-info" documents. These documents diff --git a/src/common/address.c b/src/common/address.c index 773e688..fa6630e 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -2100,7 +2100,8 @@ get_interface_address,(int severity, uint32_t *addr)) }

/** Return true if we can tell that <b>name</b> is a canonical name for the - * loopback address. */ + * loopback address. Return true also for *.local hostnames, which are + * multicast DNS names for hosts on the local network. */ int tor_addr_hostname_is_local(const char *name) {