[tor-bugs] #32588 [Core Tor/Tor]: Setting ORPort [ipv6]:auto mistakenly advertises port 94
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 9 14:32:18 UTC 2019
#32588: Setting ORPort [ipv6]:auto mistakenly advertises port 94
-----------------------------------------------+---------------------------
Reporter: arma | Owner: neel
Type: defect | Status:
| needs_information
Priority: Medium | Milestone: Tor:
| 0.4.3.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.4.1.6
Severity: Normal | Resolution:
Keywords: ipv6, memory-safety, security-low | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------------+---------------------------
Comment (by teor):
It's also worth noting that we're getting 0x5e = 94 in the output, and not
0xcc5e or 0x5ecc. So it's just a one byte overflow. And it's happening
some time after the port is opened, but before the relay descriptor is
built.
And it only seems to affect auto IPv6 ORPorts.
Does the issue still happen if the IPv6 address is much shorter than the
maximum length?
For example, does "ORPort [::1]:auto" give you a port of 1?
You might need to set some custom directory authorities to be allowed to
listen on an internal address.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32588#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list