[tor-bugs] #17901 [Core Tor/Tor]: Tor would bind ControlPort to public ip address if it has no localhost interface

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 14 02:45:48 UTC 2018


#17901: Tor would bind ControlPort to public ip address if it has no localhost
interface
-------------------------------------------------+-------------------------
 Reporter:  s7r                                  |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.2.6.10
 Severity:  Major                                |     Resolution:
 Keywords:  tor-control misconfiguration         |  Actual Points:
  security easy                                  |
Parent ID:                                       |         Points:  3
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by teor):

 Replying to [comment:49 fristonio]:
 > teor, other than changing some basic functions like `assert` to
 > `tor_assert`

 You should use a non-fatal assert, like `if (BUG(condition)) { return -1;
 }`.

 > `free` to `tor_free` should I also segregate IPv4 and IPv6 checks you
 > have implemented in `test_loopback_sockname` and `test_loopback_interface`
 > into different functions like one for IPv4 addresses and one for IPv6
 > ones?

 You can do that if you'd like. We usually use an `int family` flag to
 choose between IPv4 and IPv6 code, so that we are not repeating code.

 Please print a warning if the checks fail, and an info-level message if
 they succeed.

 Also, try to re-use the existing Tor code that scans interfaces and checks
 socknames, because that's where I copied this code from.

 The test code was designed to inspect the interfaces on a machine, and
 print their addresses and flags. This patch stalled because I couldn't get
 anyone to run it in the relevant environments. I still haven't seen the
 output of the test code in any of the relevant environments. So there is
 no guarantee that it actually works. And I don't know which of the
 alternative sockname tests you should do.

 Maybe you should wait until mo and s7r run the attached code and report
 the results?
 Or maybe you could do it yourself if they give you a shell?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17901#comment:50>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
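
The review advice in the comment above (one `int family` parameter selecting the IPv4 or IPv6 path, a warning on failure and an info-level message on success), sketched as an added example. It is not the patch attached to the ticket and not Tor's code: the function names are hypothetical, and plain `fprintf` stands in for Tor's logging.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example (hypothetical names). Return 1 if sa is 127.0.0.0/8 or ::1. */
int addr_is_loopback(const struct sockaddr *sa) {
  if (sa->sa_family == AF_INET)
    return (ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr) >> 24) == 127;
  if (sa->sa_family == AF_INET6)
    return IN6_IS_ADDR_LOOPBACK(&((const struct sockaddr_in6 *)sa)->sin6_addr) != 0;
  return 0;
}
/* Bind port 0 on the loopback address of `family`, then read back what the
 * kernel bound. Returns 1 loopback, 0 other address, -1 error or bad family. */
int check_loopback_sockname(int family) {
  struct sockaddr_storage ss;
  socklen_t len;
  int fd, rv = -1;
  memset(&ss, 0, sizeof(ss));
  if (family == AF_INET) {
    struct sockaddr_in *s4 = (struct sockaddr_in *)&ss;
    s4->sin_family = AF_INET;
    s4->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    len = sizeof(*s4);
  } else if (family == AF_INET6) {
    struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&ss;
    s6->sin6_family = AF_INET6;
    s6->sin6_addr = in6addr_loopback;
    len = sizeof(*s6);
  } else { return -1; }
  if ((fd = socket(family, SOCK_STREAM, 0)) < 0) return -1;
  if (bind(fd, (struct sockaddr *)&ss, len) == 0) {
    len = sizeof(ss);
    if (getsockname(fd, (struct sockaddr *)&ss, &len) == 0)
      rv = addr_is_loopback((struct sockaddr *)&ss);
  }
  close(fd);
  /* Info-level line when the bound address is loopback, warning otherwise. */
  fprintf(stderr, "[%s] family %d: loopback sockname check returned %d\n",
          rv == 1 ? "info" : "warn", family, rv);
  return rv;
}

int main(void) {
  int v4 = check_loopback_sockname(AF_INET), v6 = check_loopback_sockname(AF_INET6);
  return (v4 == 1 || v6 == 1) ? 0 : 1;
}
```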