[tor-bugs] #23080 [Core Tor/Tor]: connection_ext_or_handle_cmd_useraddr and proposal 196 disagree on the format of ExtORPort USERADDR

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 2 08:03:53 UTC 2017 

#23080: connection_ext_or_handle_cmd_useraddr and proposal 196 disagree on the
format of ExtORPort USERADDR
--------------------------+------------------------------------------------
     Reporter:  dcf       |      Owner:
         Type:  defect    |     Status:  new
     Priority:  Medium    |  Milestone:
    Component:  Core      |    Version:
  Tor/Tor                 |
     Severity:  Normal    |   Keywords:  tor-spec pt-spec needs-spec-change
Actual Points:            |  Parent ID:
       Points:            |   Reviewer:
      Sponsor:            |
--------------------------+------------------------------------------------
 (Originally noticed in comment:3:ticket:18628.)

 Proposal 196, which defines the ExtORPort protocol, implies that the
 USERADDR command must include a port number,
 [https://gitweb.torproject.org/torspec.git/tree/proposals/196-transport-
 control-ports.txt?id=f59e8f5b2819842fe6cb5b162a9226a4f1891b4d#n72 here]:
 {{{
      [0x0001] USERADDR: an address:port string that represents the
        client's address.
 }}}
 and [https://gitweb.torproject.org/torspec.git/tree/proposals/196
 -transport-control-
 ports.txt?id=f59e8f5b2819842fe6cb5b162a9226a4f1891b4d#n97 here]:
 {{{
 3.1.2.1. USERADDR

   An ASCII string holding the TCP/IP address of the client of the
   pluggable transport proxy.
 }}}

 But
 [https://gitweb.torproject.org/tor.git/tree/src/or/ext_orport.c?h=tor-0.3.0.9#n434
 connection_ext_or_handle_cmd_useraddr] calls
 [https://gitweb.torproject.org/tor.git/tree/src/common/address.c?h=tor-0.3.0.9#n1895
 tor_addr_port_split], which makes the port number optional.

 It seems that connection_ext_or_handle_cmd_useraddr in fact accepts all
 these formats for USERADDR:
  * `1.2.3.4` (implied port=0)
  * `1.2.3.4:5678`
  * `1:2::3:4` (implied port=0)
  * `[1:2::3:4]` (implied port=0)
  * `[1:2::3:4]:5678`
 If this is intended, then I'd like proposal 196 to say that the port is
 optional, and square brackets are optional in the case of IPv6.

 For what it's worth, [https://gitweb.torproject.org/pluggable-
 transports/obfs4.git/tree/obfs4proxy/obfs4proxy.go?h=obfs4proxy-0.0.7#n254
 obfs4proxy] and [https://gitweb.torproject.org/pluggable-
 transports/meek.git/tree/meek-server/meek-server.go?h=0.28#n142 meek-
 server] take proposal 196 at face value and always include a port in
 USERADDR (meek-server always uses the fictitious port number 1 because it
 doesn't know the true remote port).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23080>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list