[tor-bugs] #25036 [Core Tor/Tor]: Tor 0.3.2 rejects connections to raw ipv6 addresses

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 5 23:14:00 UTC 2018 

#25036: Tor 0.3.2 rejects connections to raw ipv6 addresses
------------------------------------------+--------------------------------
 Reporter:  pastly                        |          Owner:  tbb-team
     Type:  defect                        |         Status:  new
 Priority:  High                          |      Milestone:  Tor:
                                          |  0.3.3.x-final
Component:  Core Tor/Tor                  |        Version:  Tor:
                                          |  0.3.2.1-alpha
 Severity:  Normal                        |     Resolution:
 Keywords:  regression ipv6 032-backport  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
------------------------------------------+--------------------------------

Comment (by teor):

 Replying to [comment:14 dgoulet]:
 > Replying to [comment:13 teor]:
 > > Replying to [comment:12 dgoulet]:
 > > > Quick question on this. Are we sure this is not Tor Browser sending
 a SOCKS5 request with the type "fqdn" used with an IPv6 address?
 > > >
 > > > That `string_is_valid_hostname()` check is done when we get an `atyp
 = 0x03` in the SOCKS5 request which means tor should expect a FQDN thus
 returning the error here is fine. The IPv6 address is handled before.
 > > >
 > > > Why is TB sending a fqdn request at all with this address:
 https://[2a00:1450:401b:800::200e]/ ?
 > > Tor Browser is obviously sending IPv4 and IPv6 addresses as text, in
 violation of the spec. Tor has always accepted IPv4 addresses as text, in
 violation of the spec. Therefore, we should accept IPv6 addresses as text,
 just like we did in 0.3.1. Because we can't break a feature like this.
 >
 > Well Tor Browser ships its own "tor" so it can fix this and just use a
 "tor" that have this working?
 >
 > I do see the importance of not breaking a feature even though it means
 violating the spec but with TB, it controls the whole chain. If TB can't
 fix this, then I agree that tor should just revert to accepting IPv4/IPv6
 string values.

 Many SOCKS5 clients use Tor 0.3.2. Tor needs to allow them all to send IP
 addresses as hostnames, as we did in 0.3.1.

 Tor Browser may do a temporary fix, that's up to them.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25036#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list