[tor-bugs] #17027 [Tor]: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 9 14:31:23 UTC 2015


#17027: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local
addresses
----------------------------------------+----------------------------------
 Reporter:  teor                        |          Owner:
     Type:  defect                      |         Status:  new
 Priority:  major                       |      Milestone:
Component:  Tor                         |        Version:  Tor:
 Keywords:  TorCoreTeam201509 security  |  0.2.7.2-alpha
Parent ID:                              |  Actual Points:
                                        |         Points:
----------------------------------------+----------------------------------
 Currently it just handles a single IPv4 address, allowing IPv6 exits to be
 connected to on their IPv6 address, or multihomed IPv4 exits to be
 connected to on their other IPv4 addresses.

 This is a potential security issue, as it allows connections to local
 ports on an exit.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17027>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list