[tor-bugs] #32314 [Core Tor/Tor]: Can't connect to literal IPv6 address containing double colon

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 6 23:21:04 UTC 2019 

#32314: Can't connect to literal IPv6 address containing double colon
--------------------------+------------------------------------
 Reporter:  liberat       |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.4.3.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.4.1.6
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by teor):

 Replying to [ticket:32314 liberat]:
 > However, if the address is abbreviated using double-colon notation, it
 only works if enclosed in brackets: "[2a00:1450:4001:800::200e]" works,
 but "2a00:1450:4001:800::200e" does not.  On the other hand, the
 unabbreviated form "2a00:1450:4001:800:0:0:0:200e" does work.
 >
 > The problem appears to be:
 >
 > - The destination is transmitted to the exit relay as a string of the
 form "<hostname>:<port>".
 >
 > - The exit relay tries to parse this string by calling the function
 tor_addr_port_split.
 >
 > - The string "2a00:1450:4001:800::200e:80" is a valid IPv6 literal, so
 tor_addr_port_split interprets it as an address with no port number.
 >
 > - The relay refuses to connect to an address with no port number.

 This isn't quite right. Addresses and ports in Tor cells are binary. So
 the string parsing all happens on the client.

 > Note that if the application uses the binary form (address type 4), this
 is internally converted into a string enclosed in brackets.  However, it
 seems to be more common for applications to use the ASCII form, without
 brackets.  For example, if you try to visit
 http://[2a00:1450:4001:800::200e]/ in Tor Browser, it will fail, whereas
 http://[2a01:4f8:fff0:4f:266:37ff:fe2c:5d19]/ succeeds.
 >
 > So there are a few ways this could be fixed:
 >
 > (a) applications could be changed to use either the binary form or wrap
 the address in brackets;
 >
 > (b) the Tor proxy could automatically add brackets around IPv6
 addresses;
 >
 > (c) the exit relay could be smarter about parsing IPv6 addresses.
 >
 > It seems to me that (b) would be the most sensible option, but it might
 be reasonable to do (c) as well.

 So these fixes both have to happen on the client.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32314#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list