[tor-bugs] #32588 [Core Tor/Tor]: Setting ORPort [ipv6]:auto mistakenly advertises port 94
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 9 14:20:29 UTC 2019
#32588: Setting ORPort [ipv6]:auto mistakenly advertises port 94
-----------------------------------------------+---------------------------
Reporter: arma | Owner: neel
Type: defect | Status:
| needs_information
Priority: Medium | Milestone: Tor:
| 0.4.3.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.4.1.6
Severity: Normal | Resolution:
Keywords: ipv6, memory-safety, security-low | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------------+---------------------------
Changes (by teor):
* keywords: ipv6 => ipv6, memory-safety, security-low
* status: assigned => needs_information
Comment:
The IPv6 descriptor code can never work for auto ports:
https://github.com/torproject/tor/blob/master/src/feature/relay/router.c#L1991
It should be like the IPv4 descriptor port code:
https://github.com/torproject/tor/blob/master/src/feature/relay/router.c#L1978
And call router_get_advertised_or_port_by_af() to get the IPv6 ORPort.
Ideally, we should add a new router_get_advertised_ipv6_or_port()
function, which searches for an address like this:
https://github.com/torproject/tor/blob/master/src/feature/relay/router.c#L1991
But searches for a port like this: (if the discovered port is 0)
router_get_advertised_or_port_by_af(… , AF_INET6).
I still can't work out how the port ends up being 94. Maybe we're
overwriting some memory somewhere?
I think we should try to find the memory issue, before we call this bug
"fixed".
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32588#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list