[tor-bugs] #11358 [Tor]: Tor should consider more addresses as invalid

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 28 20:49:56 UTC 2014


#11358: Tor should consider more addresses as invalid
---------------------+----------------------------------
 Reporter:  yawning  |          Owner:
     Type:  defect   |         Status:  new
 Priority:  minor    |      Milestone:
Component:  Tor      |        Version:  Tor: unspecified
 Keywords:           |  Actual Points:
Parent ID:           |         Points:
---------------------+----------------------------------
 There are a few more address blocks that should never appear on the public
 internet that do not appear to be checked for when processing the exit
 policy (they belong in `private_nets`) or in `tor_addr_is_internal()`.

 From RFC 5735:
  * 192.0.2.0/24        TEST-NET-1
  * 198.51.100.0/24     TEST-NET-2
  * 203.0.113.0/24      TEST-NET-3
  * 198.18.0.0/15       Network Interconnect Device Benchmark Testing

 From RFC 5156:
  * 2001:db8::/32       Documentation Prefix
  * 2001:10::/28        ORCHID

 Traffic containing these addresses has no business being on the public
 internet, so the code should be updated to check for them and reject them
 where appropriate.  Since `tor_addr_is_internal()` is used for things
 other than rejection, this probably should be done as a separate function
 that is checked when the code means "Reject things that should not be
 used" (most of the code) vs "Explicitly need a local address"
 (`warn_nonlocal_client_ports()` for example).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11358>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
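
The separate "reject things that should not be used" check proposed in the ticket, sketched as an added example. This is not Tor source code or a patch from the ticket: the names `reserved_blocks`, `prefix_match` and `addr_in_reserved_block` are hypothetical, and the table holds only the six blocks the ticket lists.

```c
/* Added example, not Tor source: all names here are hypothetical. */
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

struct reserved_block {
  int family;            /* AF_INET or AF_INET6 */
  const char *prefix;    /* network address in presentation form */
  unsigned bits;         /* prefix length */
};

/* The six blocks listed in the ticket (RFC 5735 and RFC 5156). */
static const struct reserved_block reserved_blocks[] = {
  { AF_INET,  "192.0.2.0",    24 },  /* TEST-NET-1 */
  { AF_INET,  "198.51.100.0", 24 },  /* TEST-NET-2 */
  { AF_INET,  "203.0.113.0",  24 },  /* TEST-NET-3 */
  { AF_INET,  "198.18.0.0",   15 },  /* benchmark testing */
  { AF_INET6, "2001:db8::",   32 },  /* documentation prefix */
  { AF_INET6, "2001:10::",    28 },  /* ORCHID */
};

/* Compare the first `bits` bits of two network-order byte strings. */
static int prefix_match(const uint8_t *a, const uint8_t *b, unsigned bits)
{
  unsigned full = bits / 8, rem = bits % 8;
  if (memcmp(a, b, full) != 0)
    return 0;
  if (rem == 0)
    return 1;
  uint8_t mask = (uint8_t)(0xff << (8 - rem));
  return (a[full] & mask) == (b[full] & mask);
}

/* Return 1 if `text` is in a listed block, 0 if not, -1 if unparseable. */
int addr_in_reserved_block(const char *text)
{
  uint8_t addr[16], net[16];
  int family = strchr(text, ':') ? AF_INET6 : AF_INET;
  if (inet_pton(family, text, addr) != 1)
    return -1;
  for (size_t i = 0; i < sizeof(reserved_blocks) / sizeof(reserved_blocks[0]); i++) {
    const struct reserved_block *b = &reserved_blocks[i];
    if (b->family != family || inet_pton(family, b->prefix, net) != 1)
      continue;
    if (prefix_match(addr, net, b->bits))
      return 1;
  }
  return 0;
}
```

IPv4-mapped IPv6 forms such as `::ffff:192.0.2.1` are not unwrapped by this sketch, so a caller would have to normalise them before the check.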

