[tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 28 03:59:30 UTC 2019
#31009: Tor lets transports advertise private IP addresses in descriptor
--------------------------+------------------------
Reporter: phw | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
--------------------------+------------------------
Comment (by arma):
Replying to [comment:3 arma]:
> when Tor is building its extrainfo descriptor, it should notice that
it's about to advertise an internal address
Here is my one-liner that implements this idea:
{{{
diff --git a/src/feature/client/transports.c
b/src/feature/client/transports.c
index 97bfc8a..bd7d955 100644
--- a/src/feature/client/transports.c
+++ b/src/feature/client/transports.c
@@ -1641,7 +1641,7 @@ pt_get_extra_info_descriptor_string(void)
* returned address. */
const char *addrport = NULL;
uint32_t external_ip_address = 0;
- if (tor_addr_is_null(&t->addr) &&
+ if (tor_addr_is_internal(&t->addr, 0) &&
router_pick_published_address(get_options(),
&external_ip_address, 0) >= 0) {
tor_addr_t addr;
}}}
It turns out the code already did the idea, but only in the case where it
was about to advertise 0.0.0.0. So now it would do the same thing for a
wider variety of internal addresses.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31009#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list