[tor-bugs] #17674 [Tor]: circuit_handle_first_hop doesn't respect ExtendAllowPrivateAddresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 7 22:48:48 UTC 2015 

#17674: circuit_handle_first_hop doesn't respect ExtendAllowPrivateAddresses
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  defect                               |         Status:
 Priority:  Very High                            |  needs_information
Component:  Tor                                  |      Milestone:  Tor:
 Severity:  Major                                |  0.2.8.x-final
 Keywords:  dos tor-hs 027-backport              |        Version:
  026-backport security                          |     Resolution:
Parent ID:  #17178                               |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------
Changes (by dgoulet):

 * status:  needs_review => needs_information


Comment:

 Replying to [comment:4 teor]:
 > Please see my branch first-hop-no-private at
 https://github.com/teor2345/tor.git
 >
 > It modifies circuit_handle_first_hop to refuse any connections to a
 private address with a protocol error, unless ExtendAllowPrivateAddresses
 is set.
 >
 > This should catch this issue with relay extends, and hidden service /
 RSOS rendezvous from badly behaved clients.

 I've played around with this. I've modified a tor client to change the RP
 extend info to be a IP/PORT I control (nc -l PORT basically). The result,
 and somehow expected is that the remote HS second middle when trying to
 extend to the RP does a TLS connection to my IP/PORT.

 I've modified an HS I own to always pick the second middle to be a relay
 that I controlled (thus could look at the log). I then changed the RP info
 to 127.0.0.1. I see that my pinned relay is logging me:

 {{{
 Dec 07 17:31:56.000 [warn] Client asked me to extend to a private address
 }}}

 Which is denied by `circuit_extend`. So maybe the use case I've tested is
 wrong but it doesn't seem we go through "handle_first_hop" when extending
 to the RP (for hidden service). I would be curious why RSOS doesn't also
 use `circuit_extend` then?

 (All this testing required me to change the HS, client and middle relay so
 I might have gone wrong).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17674#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list