[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #32314 [Core Tor/Tor]: Can't connect to literal IPv6 address containing double colon



#32314: Can't connect to literal IPv6 address containing double colon
-------------------------------------------------+-------------------------
 Reporter:  liberat                              |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.3.x-final
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.4.1.6
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-client, tor-exit, ipv6,          |  Actual Points:  0.1
  BugSmashFund, check-backport                   |
Parent ID:                                       |         Points:  0.5
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):

 * status:  new => needs_revision
 * keywords:   => tor-client, tor-exit, ipv6, BugSmashFund, check-backport
 * points:   => 0.5
 * actualpoints:   => 0.1


Comment:

 Replying to [comment:1 liberat]:
 > One straightforward way to fix this would be to parse the address using
 tor_addr_parse and then convert back to a string using tor_addr_to_str:
 > {{{
 > --- a/src/core/or/connection_edge.c
 > +++ b/src/core/or/connection_edge.c
 > @@ -1631,6 +1631,12 @@
 connection_ap_handshake_rewrite(entry_connection_t *conn,
 >      conn->original_dest_address =
 tor_strdup(conn->socks_request->address);
 >    }
 >
 > +  /* If the address is an IPv6 literal, either with or without
 brackets,
 > +   * convert it into its canonical form and wrap it in brackets. */
 > +  if (tor_addr_parse(&addr_tmp, socks->address) >= 0) {
 > +    tor_addr_to_str(socks->address, &addr_tmp, sizeof(socks->address),
 1);
 > +  }
 > +
 >    /* First, apply MapAddress and MAPADDRESS mappings. We need to do
 >     * these only for non-reverse lookups, since they don't exist for
 those.
 >     * We also need to do this before we consider automapping, since we
 might
 > }}}
 > This also has the effect of transforming the address into "canonical"
 form.  This seems like a good idea anyway, as it reduces possibilities for
 application fingerprinting by exit nodes.

 I prefer this fix, because it canonicalises all addresses.

 > However, this also impacts the behavior of "MapAddress".  Currently, if
 your torrc contains:
 > {{{
 > MapAddress fc00::0001 www.torproject.org
 > }}}
 > then a client that tries to connect to "fc00::0001" will reach
 www.torproject.org, but a client that tries to connect to "[fc00::1]" will
 ''not''.  So it would probably be wise to also "canonicalize" addresses
 used in MapAddress.

 Yes, we'll also need a fix for MapAddress.

 And we'll need tests that use the client code to encode addresses, and the
 exit code to parse it. Let's have some cases that succeed regardless of
 the patch. And some other cases that fail without the patch, but succeed
 with it.

 Finally, we'll need to work out when this bug was introduced, so we know
 whether to backport to 0.2.9, 0.3.5, or 0.4.0 and later.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32314#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs