[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #7555 [Tor]: MapAddress from FQDN to .onion fails because resolve requests for hidden services are not allowed.



#7555: MapAddress from FQDN to .onion fails because  resolve requests for hidden
services are not allowed.
--------------------+-------------------------------------------------------
 Reporter:  aagbsn  |          Owner:                  
     Type:  defect  |         Status:  new             
 Priority:  minor   |      Milestone:                  
Component:  Tor     |        Version:  Tor: unspecified
 Keywords:          |         Parent:                  
   Points:          |   Actualpoints:                  
--------------------+-------------------------------------------------------
 Example torrc:

 MapAddress irc.oftc.net 37lnq2veifl4kar7.onion

 (Why would I want to do that? So that the host my IRC client connects to
 matches the SSL certificate prested by the server)

 Here's what a connection to a hidden service without a MapAddress looks
 like.
 {{{
 Nov 22 13:41:54.000 [debug] connection_ap_handshake_rewrite_and_attach():
 Client asked for [scrubbed]:7000
 Nov 22 13:41:54.000 [info] connection_ap_handshake_rewrite_and_attach():
 Got a hidden service request for ID '[scrubbed]'
 Nov 22 13:41:54.000 [info] connection_ap_handshake_rewrite_and_attach():
 Unknown descriptor [scrubbed]. Fetching.
 Nov 22 13:41:54.000 [debug] rend_client_refetch_v2_renddesc(): Fetching v2
 rendezvous descriptor for service [scrubbed]
 }}}

 And here's what happens with the above MapAddress:

 {{{
 Nov 22 13:53:52.000 [debug] connection_ap_handshake_rewrite_and_attach():
 Client asked for [scrubbed]:0
 Nov 22 13:53:52.000 [info] addressmap_rewrite(): Addressmap: rewriting
 [scrubbed] to [scrubbed]
 Nov 22 13:53:52.000 [warn] Resolve requests to hidden services not
 allowed. Failing.
 }}}

 So it looks like the socks client tries to resolve www.duckduckgo.com, the
 address gets rewritten to 3g2upl4pq6kufc4m.onion, and then the request
 fails because resolving .onion doesn't make sense. Where do resolve
 requests for .onion normally get handled? I think I'd probably want to
 catch this MapAddress case in addressmap_rewrite and then proceed as usual
 for hidden services.

 Thanks for any pointers!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7555>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs