[tor-bugs] #17027 [Tor]: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 26 22:52:36 UTC 2015


#17027: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local
addresses
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:
     Type:  defect                               |         Status:
 Priority:  High                                 |  needs_information
Component:  Tor                                  |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.7.x-final
 Keywords:  TorCoreTeam201512, security,         |        Version:  Tor:
  027-backport                                   |  unspecified
Parent ID:                                       |     Resolution:
  Sponsor:                                       |  Actual Points:
                                                 |         Points:
-------------------------------------------------+-------------------------
Changes (by teor):

 * status:  needs_review => needs_information


Comment:

 This code doesn't have any known issues, but it's diverged from the code
 being tested in master.

 bug17027-reject-private-027-v6 doesn't include the following commits:

 From getinfo-private-exitpolicy-v4:
 * 6913bdfcc568 - Split out policy_dump_to_string to use it in
 getinfo_helper_policies.
 * 22f82361ab4a - Create helper functions for adding ipv4h and tor_addr_t*
 to a smartlist.
 They would need to be split, as they include changes to
 getinfo_helper_policies (#17183) as well as policies_parse_exit_policy*
 changes.

 Once (parts of) those commits are applied, we need to cherry-pick from
 fix-policies-memory-v2:
 * d27f3ec8302e - Fix use-after-free of stack memory

 6913bdfcc568 and 22f82361ab4a aren't required; they're both refactoring
 changes.
 d27f3ec8302e isn't required: the issue it fixes was introduced in
 22f82361ab4a.

 Do we want to add the refactoring from master to 0.2.7?
 If so, how can I split the commits 6913bdfcc568 and 22f82361ab4a so that
 they don't cause merge headaches for nickm?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17027#comment:34>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

