[tor-bugs] #12378 [Tor]: Tor configuration policies using network CIDR syntax should clamp mask bits appropriately

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 12 00:28:54 UTC 2014


#12378: Tor configuration policies using network CIDR syntax should clamp mask bits
appropriately
--------------------------------+---------------------
 Reporter:  anon                |          Owner:
     Type:  defect              |         Status:  new
 Priority:  normal              |      Milestone:
Component:  Tor                 |        Version:
 Keywords:  config exit-policy  |  Actual Points:
Parent ID:                      |         Points:
--------------------------------+---------------------
 Tor configuration policies using network CIDR syntax like 224.0.0.0/8
 should clamp mask bits appropriately to IANA and network prefix.

 An example bad configuration spotted in the wild:
  224.0.0.0/3 which represents a binary
 11100000.00000000.00000000.00000000 &
 00011111.11111111.11111111.11111111
 in
  tor_addr_compare_masked
 which results in a comparison of only the first three bits of any
 comparison network under test.

 Improve Tor to implement a clamp mask, and warn on a configuration policy
 that specifies an invalid mask per network prefix.

 The netmask clamp would ensure that mask bits number at least 8 bits or
 more, meaning a /8 or smaller network policy. See
 https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

 The netmask clamp would ensure that mask bits number at least the same
 number of bits in the network prefix, if the network prefix bits number 8
 or more themselves.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12378>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
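
The over-broad match and the requested clamp, sketched as an added example (not code from the ticket or from Tor). `masked_match` is a simplified IPv4-only stand-in for a masked comparison, and `prefix_bits` and `clamp_mask_bits` are hypothetical helpers that assume "network prefix bits" means the bits down to the lowest set bit of the network address.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from dotted-quad octets. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d) {
  return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* Netmask with the top `bits` bits set. /0 and /32 are special-cased
 * because shifting a 32-bit value by 32 is undefined in C. */
static uint32_t mask_from_bits(int bits) {
  return bits <= 0 ? 0 : (bits >= 32 ? 0xFFFFFFFFu : ~(0xFFFFFFFFu >> bits));
}

/* Simplified masked comparison: 1 if addr falls inside net/bits. */
static int masked_match(uint32_t addr, uint32_t net, int bits) {
  uint32_t m = mask_from_bits(bits);
  return (addr & m) == (net & m);
}

/* Assumed reading of "network prefix bits": count of bits from the top
 * of the address down to its lowest set bit (224.0.0.0 -> 3). */
static int prefix_bits(uint32_t net) {
  int n = 32;
  if (net == 0) return 0;
  while (!(net & 1u)) { net >>= 1; n--; }
  return n;
}

/* Clamp as the ticket proposes: never fewer than 8 mask bits, and never
 * fewer than the prefix bits when those number 8 or more. */
static int clamp_mask_bits(uint32_t net, int bits, int *warn) {
  int floor_bits = 8, p = prefix_bits(net);
  if (p >= 8) floor_bits = p;
  *warn = bits < floor_bits;   /* caller should log a config warning */
  return *warn ? floor_bits : bits;
}

int main(void) {
  int warn;
  /* Constructed sample: the policy network from the ticket and a probe. */
  uint32_t net = ip4(224, 0, 0, 0), probe = ip4(239, 1, 2, 3);
  int clamped = clamp_mask_bits(net, 3, &warn);
  printf("/3 matches probe: %d\n", masked_match(probe, net, 3));
  printf("clamped to /%d (warn=%d), matches probe: %d\n",
         clamped, warn, masked_match(probe, net, clamped));
  return 0;
}
```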

