[tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 27 19:13:09 UTC 2019
#31009: Tor lets transports advertise private IP addresses in descriptor
------------------------------+--------------------
Reporter: phw | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: 0.5 | Reviewer:
Sponsor: |
------------------------------+--------------------
While dealing with broken obfs4 bridges, I realised that our bridge
authority has several obfs4 bridges in its cached-extrainfo document that
have private IP addresses, e.g.:
{{{
transport obfs4 10.0.254.17:[redacted]
}}}
The PT spec [https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt?id=4707f3604cd06e3a627980c6863cca556f9f21a4#n305 explicitly allows private addresses] in `TOR_PT_SERVER_BINDADDR`:
> The <address> MAY be a locally scoped address as long as port forwarding
> is done externally.
[[br]]
BridgeDB however ignores bridges with private IP addresses, so these obfs4
bridges are effectively useless. We could address this issue in BridgeDB
by replacing an obfs4 bridge's private IP address with the address in its
ORPort but I think that tor shouldn't be writing private addresses to a
descriptor in the first place.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31009>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
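
An added example, not part of the ticket and not code from tor or BridgeDB: a small scanner that walks extra-info text and reports `transport` lines whose address is locally scoped, the condition the ticket describes. The list of ranges, the function names and the sample descriptors (nicknames, fingerprints, ports, arguments) are assumptions constructed for illustration.

```python
import ipaddress

# Locally scoped ranges checked here (an assumption of this example; tor's
# own notion of an "internal" address may cover more cases).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",               # IPv6 equivalents
)]

def split_addrport(addrport):
    """Split 'a.b.c.d:port' or '[v6]:port' into (ip_address, port string)."""
    host, _, port = addrport.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), port

def is_local(ip):
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)

def find_private_transports(extrainfo_text):
    """Return (fingerprint, transport, address) per locally scoped transport line."""
    findings, fingerprint = [], None
    for line in extrainfo_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "extra-info":
            fingerprint = fields[2]          # extra-info <nickname> <fingerprint>
        elif len(fields) >= 3 and fields[0] == "transport":
            try:                             # transport <name> <addr:port> [args]
                ip, _port = split_addrport(fields[2])
            except ValueError:
                continue                     # malformed address, nothing to judge
            if is_local(ip):
                findings.append((fingerprint, fields[1], str(ip)))
    return findings

# Constructed sample input, not real bridge data.
SAMPLE = """\
extra-info Unnamed1 1111111111111111111111111111111111111111
transport obfs4 10.0.254.17:4443 cert=CONSTRUCTED,iat-mode=0
extra-info Unnamed2 2222222222222222222222222222222222222222
transport obfs4 203.0.113.5:4443 cert=CONSTRUCTED,iat-mode=0
extra-info Unnamed3 3333333333333333333333333333333333333333
transport obfs4 [fd00::17]:4443 cert=CONSTRUCTED,iat-mode=0
"""

if __name__ == "__main__":
    for fp, name, addr in find_private_transports(SAMPLE):
        print(f"{fp} advertises {name} on locally scoped address {addr}")
```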