[tor-bugs] #25935 [Core Tor/Tor]: Allow DA address to be specified as FQDN

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 27 14:22:24 UTC 2018 

#25935: Allow DA address to be specified as FQDN
--------------------------+------------------------------------
 Reporter:  somlo         |          Owner:  (none)
     Type:  enhancement   |         Status:  needs_revision
 Priority:  Medium        |      Milestone:  Tor: 0.3.5.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  tor-dirauth   |  Actual Points:
Parent ID:                |         Points:
 Reviewer:  teor          |        Sponsor:
--------------------------+------------------------------------

Comment (by somlo):

 Pasting my reply from the github review thread, for completeness:
 >
 > I got confused by the man page, which says:
 >
 > DirAuthority [nickname] [flags] address:port fingerprint
 >
 > We probably should add [fingerprint...] at the end to indicate there
 could be more than one...
 >
 > I see now there's a "smartlist_join_strings()" call after processing the
 "addr:port" field, so you're right of course. Problem is, right now we
 decide it's time to process "addr:port" if the very first character in
 that string is a digit, which partially allows parsing hostname:port
 entries instead of throwing an error in all cases where "addr" is not an
 actual IP address.
 >
 > We could decide we've finished parsing flags and reached "addr:port" if
 the current smartlist item contains a ":" character (unless it's possible
 for a flag to contain that character, either now or in the future, in
 which case we're back to not having a good way to know we've reached that
 field).
 >
 > Alternatively, we could decide to ban non-IP "address" fields outright,
 because of the potential security vulnerability introduced by adding DNS
 to the mix (and I'll figure out a way to cope with that :) ). Right now
 we're only sort-of, kind-of doing that, which inspired me to try for full
 support, without thinking of the larger implications.
 >
 > Please let me know what you think, and I'll either respond to your full
 review or submit a new patc> h fixing the man page and throwing an error
 if addr is not an IP (or backing off, if you're already working on the
 parsing code as part of some other effort).
 >
 > Thanks much,
 > --G

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25935#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list