[tor-bugs] #17027 [Tor]: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 9 14:31:23 UTC 2015
#17027: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local
addresses
----------------------------------------+----------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor | Version: Tor:
Keywords: TorCoreTeam201509 security | 0.2.7.2-alpha
Parent ID: | Actual Points:
| Points:
----------------------------------------+----------------------------------
Currently it just handles a single IPv4 address, allowing IPv6 exits to be
connected to on their IPv6 address, or multihomed IPv4 exits to be
connected to on their other IPv4 addresses.
This is a potential security issue, as it allows connections to local
ports on an exit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17027>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list