[tor-bugs] #20151 [Core Tor/Tor]: Fix parse_virtual_addr_network minimum network size

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 16 21:45:44 UTC 2016


#20151: Fix parse_virtual_addr_network minimum network size
--------------------------+------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.2.???
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  easy intro    |  Actual Points:
Parent ID:                |         Points:  0.5
 Reviewer:                |        Sponsor:
--------------------------+------------------------------
Description changed by teor:

Old description:

> parse_virtual_addr_network does:
> {{{
>   const int max_bits = ipv6 ? 40 : 16;
> }}}
> then:
> {{{
>   if (bits > max_bits) {
>     if (msg)
>       tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
>                    "network or larger",ipv6?"IPv6":"", max_bits);
>     return -1;
>   }
> }}}
>
> Firstly, the log message refers to a minimum ("n or larger" makes n a
> minimum, not a maximum), but the variable is named "max_bits". So we
> should rename it to min_bits.
>
> Secondly, an IPv6 /40 is terribly restrictive.
>
> For people to use their local IPv6 allocations, we should allow at least
> a /64.
>
> If the goal is to have a /16 available, we could allow up to 128 - 16 =
> /112. But IPv6 has more addresses than IPv4, so I suggest that a /104 is
> a sensible minimum. (If someone wants to map more than 2**24 addresses at
> once, they can choose a larger network. We could make the minimum /96,
> but some providers split up /64s into /96s and give them out to end
> users.)
>
> These limitations should also be documented in the tor man page.

New description:

 parse_virtual_addr_network does:
 {{{
   const int max_bits = ipv6 ? 40 : 16;
 }}}
 then:
 {{{
   if (bits > max_bits) {
     if (msg)
       tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
                    "network or larger",ipv6?"IPv6":"", max_bits);
     return -1;
   }
 }}}

 Firstly, the log message refers to a minimum ("n or larger" makes n a
 minimum, not a maximum), but the variable is named "max_bits". So we
 should rename it to min_bits.

 Secondly, an IPv6 /40 is terribly restrictive.

 For people to use their local IPv6 allocations, we should allow at least a
 /64.

 If the goal is to have a /16 available, we could allow up to 128 - 16 =
 /112. But IPv6 has more addresses than IPv4, so I suggest that a /104 is a
 sensible minimum. (If someone wants to map more than `2^24` addresses at
 once, they can choose a larger network. We could make the minimum /96, but
 some providers split up /64s into /96s and give them out to end users.)

 These limitations should also be documented in the tor man page.
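As an added example (not Tor's code), here is the prefix-length check from the ticket written the way the description proposes: the limit renamed to min_bits, the IPv6 minimum set to /104, and an explicit range check on the prefix length. The function names, the snprintf buffer in place of tor_asprintf, and the "addr/bits" parser are assumptions for illustration.

```c
/* Added example, not from Tor: the VirtualAddressNetwork size check with
 * the naming and limits proposed in ticket #20151. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Smallest allowed network, expressed as the longest allowed prefix:
 * IPv4 /16 as in the current code, IPv6 /104 as proposed in the ticket. */
#define MIN_NETWORK_BITS_IPV4 16
#define MIN_NETWORK_BITS_IPV6 104

/* Returns 0 if a /bits network is large enough, -1 otherwise. On rejection
 * the reason is written to msg (if non-NULL, up to msglen bytes). */
int check_virtual_network_bits(int bits, int ipv6, char *msg, size_t msglen)
{
  /* min_bits is the prefix length of the smallest acceptable network: a
   * longer prefix means fewer addresses, so "bits > min_bits" is too small. */
  const int min_bits = ipv6 ? MIN_NETWORK_BITS_IPV6 : MIN_NETWORK_BITS_IPV4;
  const int max_prefix = ipv6 ? 128 : 32;

  if (bits < 0 || bits > max_prefix) {
    if (msg)
      snprintf(msg, msglen, "VirtualAddressNetwork%s: /%d is not a valid "
               "prefix length", ipv6 ? "IPv6" : "", bits);
    return -1;
  }
  if (bits > min_bits) {
    if (msg)
      snprintf(msg, msglen, "VirtualAddressNetwork%s expects a /%d "
               "network or larger", ipv6 ? "IPv6" : "", min_bits);
    return -1;
  }
  return 0;
}

/* Parses the "/bits" suffix of an "addr/bits" string and applies the check.
 * Returns -1 when the suffix is missing or not a plain decimal number. */
int check_virtual_network_string(const char *network, int ipv6,
                                 char *msg, size_t msglen)
{
  const char *slash = strrchr(network, '/');
  char *end;
  long bits;

  if (!slash || slash[1] == '\0') {
    if (msg) snprintf(msg, msglen, "missing /bits suffix in \"%s\"", network);
    return -1;
  }
  bits = strtol(slash + 1, &end, 10);
  if (*end != '\0' || bits < 0 || bits > 128) {
    if (msg) snprintf(msg, msglen, "bad prefix length in \"%s\"", network);
    return -1;
  }
  return check_virtual_network_bits((int)bits, ipv6, msg, msglen);
}
```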

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20151#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online