[tor-bugs] #17674 [Tor]: circuit_handle_first_hop doesn't respect ExtendAllowPrivateAddresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 24 14:34:04 UTC 2015
#17674: circuit_handle_first_hop doesn't respect ExtendAllowPrivateAddresses
---------------------------+--------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Very High | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Major | Keywords: dos tor-hs
Actual Points: | Parent ID: #17178
Points: | Sponsor:
---------------------------+--------------------------------
circuit_extend checks ExtendAllowPrivateAddresses, but by then it's too
late, we've already connected in circuit_handle_first_hop.
This seems to be a DoS risk.
onionskin_answer handles local connections as a special case using
channel_is_local, so we might actually be making some that serve some
useful purpose. (What is that purpose?)
Do we really need to allow connections to our own address from ourselves?
It might be a good idea to refuse to build circuits to ourselves in
circuit_handle_first_hop if ExtendAllowPrivateAddresses is 0, and then see
what falls over. Unfortunately, this can't be tested using chutney.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17674>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list