[tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 20 01:29:53 UTC 2019
#31009: Tor lets transports advertise private IP addresses in descriptor
-------------------------------------------------+-------------------------
Reporter: phw | Owner: (none)
Type: defect | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.4.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport, anti-censorship-roadmap-july, 042-deferred-20190918 | Actual Points:
Parent ID: | Points: 0.5
Reviewer: ahf | Sponsor: Sponsor28-can
-------------------------------------------------+-------------------------
Changes (by teor):
* keywords:
tor-pt, tor-bridge, 029-backport, 035-backport, 040-backport,
041-backport, anti-censorship-roadmap-july, 042-deferred-20190918
=>
tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
anti-censorship-roadmap-july, 042-deferred-20190918
* status: needs_review => needs_revision
* milestone: Tor: unspecified => Tor: 0.4.3.x-final
Comment:
Thanks for this patch!
This patch has two issues:
* if the address is an IPv6 address, it is replaced with an IPv4 address
  * we should use the advertised IPv6 ORPort address to replace internal
    IPv6 addresses
* the replacement happens in test and internal networks, as well as the
  public Tor network
  * there's no way that the bridge can know if internal addresses are
    acceptable to the bridge authority or BridgeDB. But I think it's still ok
    to replace the address, because the published address should be the right
    kind of address for these networks, anyway. But we should add comments
    explaining why it's ok.
I think we should also base this patch on maint-0.3.5, so we can backport
it if needed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31009#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
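
The first review point in the comment above (an internal IPv6 transport address should be replaced by the advertised IPv6 ORPort address, not an IPv4 one), sketched as an added example; this is not Tor's code or the patch under review. The names `is_internal` and `pick_published_addr` are hypothetical, the internal-range list is simplified, and the addresses in `main` are constructed documentation-range values.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if the raw address is unspecified, loopback,
 * link-local, RFC 1918 or IPv6 unique-local. Simplified range list. */
static int is_internal(int af, const uint8_t *a) {
  static const uint8_t zero[15] = {0};
  if (af == AF_INET)
    return a[0] == 0 || a[0] == 10 || a[0] == 127 ||
           (a[0] == 172 && (a[1] & 0xf0) == 16) ||
           (a[0] == 192 && a[1] == 168) || (a[0] == 169 && a[1] == 254);
  if (!memcmp(a, zero, 15) && a[15] <= 1) return 1; /* :: and ::1 */
  return (a[0] & 0xfe) == 0xfc ||                   /* fc00::/7 */
         (a[0] == 0xfe && (a[1] & 0xc0) == 0x80);   /* fe80::/10 */
}

/* Hypothetical helper: choose the address to publish for a transport
 * listener. or_v4 / or_v6 are the advertised ORPort addresses (NULL if
 * none). Returns 0 and fills out, or -1 if addr does not parse or is
 * internal with no advertised address of the same family. */
int pick_published_addr(const char *addr, const char *or_v4,
                        const char *or_v6, char *out, size_t outlen) {
  uint8_t raw[16];
  int af = strchr(addr, ':') ? AF_INET6 : AF_INET;
  const char *pick = addr;
  if (inet_pton(af, addr, raw) != 1) return -1;
  if (is_internal(af, raw)) {
    /* Same-family replacement: an IPv6 listener never becomes IPv4. */
    pick = (af == AF_INET6) ? or_v6 : or_v4;
    if (!pick) return -1;
  }
  if (strlen(pick) >= outlen) return -1;
  strcpy(out, pick);
  return 0;
}

int main(void) {
  char out[INET6_ADDRSTRLEN];
  /* Constructed input: documentation-range ORPort addresses. */
  if (pick_published_addr("fd00::5", "203.0.113.7", "2001:db8::7",
                          out, sizeof out) == 0)
    printf("publish %s\n", out);
  return 0;
}
```

Failing closed when no same-family ORPort address exists keeps the internal address out of the published line instead of silently switching address families.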