[tor-bugs] #17027 [Tor]: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 15 17:00:09 UTC 2015


#17027: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local
addresses
-------------------------+-------------------------------------------------
     Reporter:  teor     |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  major    |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor      |    Version:  Tor: unspecified
   Resolution:           |   Keywords:  TorCoreTeam201509 security
Actual Points:           |  026-backport
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by teor):

 Replying to [comment:11 nickm]:
 > Looks good!
 >   * Needs a changes file.

 It's there as changes/bug17027-reject-private-all-interfaces

 >   * I'm thinking this doesn't run us into trouble with bug #12497.
 >     Somebody should check my logic, though.

 This doesn't change the definition of `private:*`. Instead, it appends
 explicit IP-based reject items to the ExitPolicy when
 `ExitPolicyRejectPrivate` is 1. The existing code adds a reject for the
 configured public IPv4 address; this new code does it for the configured
 public IPv6 address (if any), and any other public IPv4 or IPv6 addresses
 found on any interfaces.

 >   * get_interface_address6_list() can't return NULL, but its callers all
 >     check whether it does.

 Oops, fixed and squashed in `bug17027-reject-private-all-interfaces-v2`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17027#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
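
The policy construction described in the comment above, as an added C sketch that is not Tor's code and not taken from the ticket or its branch: given the relay's configured and interface addresses, it emits one explicit reject line per distinct public address and skips internal ones, which `private:*` is assumed to cover already. The names `reject_line_for` and `append_rejects`, the internal-range list and the sample addresses (documentation ranges) are assumptions of this example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Assumption: ranges this example treats as already rejected by private:*. */
static int v4_internal(const unsigned char *b) {
    return b[0] == 0 || b[0] == 10 || b[0] == 127 ||
           (b[0] == 169 && b[1] == 254) ||
           (b[0] == 172 && (b[1] & 0xf0) == 16) ||
           (b[0] == 192 && b[1] == 168);
}
static int v6_internal(const unsigned char *b) {
    return b[0] == 0x00 || b[0] == 0xff ||      /* ::/8, ff00::/8 */
           (b[0] & 0xfe) == 0xfc ||             /* fc00::/7 */
           (b[0] == 0xfe && (b[1] & 0x80));     /* fe80::/10, fec0::/10 */
}
/* 1: line written; 0: internal address, nothing to add; -1: not an IP. */
int reject_line_for(const char *text, char *out, size_t outlen) {
    unsigned char buf[16];
    char norm[INET6_ADDRSTRLEN];
    if (inet_pton(AF_INET, text, buf) == 1) {
        if (v4_internal(buf)) return 0;
        snprintf(out, outlen, "reject %s:*", inet_ntop(AF_INET, buf, norm, sizeof norm));
        return 1;
    }
    if (inet_pton(AF_INET6, text, buf) != 1) return -1;
    if (v6_internal(buf)) return 0;
    snprintf(out, outlen, "reject6 [%s]:*", inet_ntop(AF_INET6, buf, norm, sizeof norm));
    return 1;
}
/* Hypothetical helper: append one line per distinct public address. */
int append_rejects(const char **addrs, int n, int reject_private,
                   char lines[][64], int max_lines) {
    int count = 0;
    for (int i = 0; reject_private && i < n && count < max_lines; i++) {
        char line[64];
        int dup = 0;
        if (reject_line_for(addrs[i], line, sizeof line) != 1) continue;
        for (int j = 0; j < count; j++) dup |= !strcmp(lines[j], line);
        if (!dup) strcpy(lines[count++], line);
    }
    return count;
}
/* Constructed sample: configured addresses followed by interface addresses. */
const char *SAMPLE[] = {"203.0.113.7", "2001:db8::1", "192.168.1.10",
                        "fe80::1", "203.0.113.7", "127.0.0.1", "198.51.100.9"};
char OUT[8][64];

int main(void) {
    int n = append_rejects(SAMPLE, 7, 1, OUT, 8);
    for (int i = 0; i < n; i++) puts(OUT[i]);
    return 0;
}
```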