[tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor
#31009: Tor lets transports advertise private IP addresses in descriptor
------------------------------+--------------------
Reporter: phw | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: 0.5 | Reviewer:
Sponsor: |
------------------------------+--------------------
While dealing with broken obfs4 bridges, I realised that our bridge
authority has several obfs4 bridges in its cached-extrainfo document that
have private IP addresses, e.g.:
{{{
transport obfs4 10.0.254.17:[redacted]
}}}
The PT spec [https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt?id=4707f3604cd06e3a627980c6863cca556f9f21a4#n305 explicitly allows private addresses] in `TOR_PT_SERVER_BINDADDR`:
> The <address> MAY be a locally scoped address as long as port forwarding
> is done externally.
[[br]]
BridgeDB however ignores bridges with private IP addresses, so these obfs4
bridges are effectively useless. We could address this issue in BridgeDB
by replacing an obfs4 bridge's private IP address with the address in its
ORPort but I think that tor shouldn't be writing private addresses to a
descriptor in the first place.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31009>
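A check for the condition described in this ticket, as an added example that is not part of the original report and not code from tor or BridgeDB: it scans extra-info text for `transport` lines whose address is locally scoped. The sample document, the `LOCAL_NETS` list and the function names are constructed for illustration.

```python
import ipaddress

# Locally scoped ranges checked here (an assumption for this example, not
# tor's or BridgeDB's own list): RFC 1918, loopback, link-local, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed sample; 203.0.113.0/24 is a documentation range standing in
# for a publicly reachable address.
SAMPLE = """\
extra-info ExampleBridgeA 0000000000000000000000000000000000000001
transport obfs4 10.0.0.5:4443 iat-mode=0
extra-info ExampleBridgeB 0000000000000000000000000000000000000002
transport obfs4 203.0.113.7:443 iat-mode=0
extra-info ExampleBridgeC 0000000000000000000000000000000000000003
transport obfs4 [fd00::5]:4443 iat-mode=0
"""

def split_addrport(addrport):
    """Split 'a.b.c.d:port' or '[v6]:port' into (ip_address, port)."""
    host, sep, port = addrport.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError("no numeric port in %r" % addrport)
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    return ipaddress.ip_address(host), int(port)

def find_local_transports(extrainfo_text):
    """Return (line_no, transport, address) for locally scoped transport lines."""
    findings = []
    for no, line in enumerate(extrainfo_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0] != "transport":
            continue
        try:
            ip, _port = split_addrport(fields[2])
        except ValueError:
            # Report lines that cannot be parsed instead of silently passing them.
            findings.append((no, fields[1], "unparseable: " + fields[2]))
            continue
        if any(ip in net for net in LOCAL_NETS):
            findings.append((no, fields[1], str(ip)))
    return findings

if __name__ == "__main__":
    for no, name, addr in find_local_transports(SAMPLE):
        print("line %d: transport %s advertises %s" % (no, name, addr))
```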