Re: [tor-bugs] #17674 [Tor]: circuit_handle_first_hop doesn't respect ExtendAllowPrivateAddresses
#17674: circuit_handle_first_hop doesn't respect ExtendAllowPrivateAddresses
-------------------------------------------------+-------------------------
Reporter: teor                                   | Owner:
Type: defect                                     | Status: new
Priority: Very High                              | Milestone: Tor: 0.2.8.x-final
Component: Tor                                   | Version:
Severity: Major                                  | Resolution:
Keywords: dos tor-hs 027-backport 026-backport   | Actual Points:
          security                               |
Parent ID: #17178                                | Points:
Sponsor:                                         |
-------------------------------------------------+-------------------------
Comment (by teor):
This is a general case of the bug reported in #8976.
From IRC:
{{{
teor
we believe whatever address and port are sent to us in rendezvous protocol versions 2 & 3
dgoulet
oh rly!?
teor
without checking the consensus
dgoulet
I vaguely remember being a feature of tor that is being able to exit at an address that is _not_ an exit
teor
So for HS, this means that a three-hop circuit can be made to an arbitrary address
dgoulet
(or not in consensus)
teor
For RSOS, this means that a one-hop circuit can be made to an arbitrary address
In either case, there should be a check for a private address
asn
i thought this was fixed by robert at some point
teor
Facebook's logs suggest it has not been, and I can't see it in the code
asn
but i see how it's worse for RSOS
teor
Certainly Tor will refuse to send cells, but it will still connect
I don't think we need that feature, unless we sometimes connect to ourselves
I think Robert fixed it by refusing to send cells to extend to a private address
Which doesn't handle the RSOS one-hop case, or any other case where Tor connects directly to a private address
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17674#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
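The discussion above says the missing piece is a private-address check that runs before Tor connects to a rendezvous point at all, not only before it sends EXTEND cells, so that the one-hop (RSOS) path is covered too. The following is an added example, not tor's code: a standalone C classifier for internal/private IPv4 and IPv6 addresses and a guard that refuses a direct first-hop connection to such an address unless the caller passes an override. The function names `addr_is_internal` and `may_connect_first_hop`, and the `allow_private` parameter standing in for the ExtendAllowPrivateAddresses option, are assumptions made for this example; the ranges it treats as internal (unspecified, loopback, RFC 1918, RFC 6598 shared space, link-local, multicast/reserved, IPv6 ULA and IPv4-mapped forms) go beyond the single case in the ticket.

```c
/* Added example (not tor's code): classify private/internal addresses and
 * refuse to dial them as a first hop unless explicitly allowed.  Names and
 * the allow_private flag are hypothetical stand-ins for the tor option. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* a is an IPv4 address in host byte order. */
static bool ipv4_is_internal(uint32_t a) {
  if ((a >> 24) == 0)      return true;   /* 0.0.0.0/8 "this network"     */
  if ((a >> 24) == 10)     return true;   /* 10.0.0.0/8      RFC 1918     */
  if ((a >> 24) == 127)    return true;   /* 127.0.0.0/8     loopback     */
  if ((a >> 20) == 0xAC1)  return true;   /* 172.16.0.0/12   RFC 1918     */
  if ((a >> 16) == 0xC0A8) return true;   /* 192.168.0.0/16  RFC 1918     */
  if ((a >> 16) == 0xA9FE) return true;   /* 169.254.0.0/16  link-local   */
  if ((a >> 22) == 0x191)  return true;   /* 100.64.0.0/10   RFC 6598     */
  if ((a >> 28) >= 0xE)    return true;   /* 224.0.0.0/4 multicast, 240/4 */
  return false;
}

static bool ipv6_is_internal(const struct in6_addr *a6) {
  const uint8_t *b = a6->s6_addr;
  if (IN6_IS_ADDR_UNSPECIFIED(a6) || IN6_IS_ADDR_LOOPBACK(a6)) return true;
  if (IN6_IS_ADDR_V4MAPPED(a6)) {         /* ::ffff:a.b.c.d: judge the v4 part */
    uint32_t v4;
    memcpy(&v4, b + 12, sizeof v4);
    return ipv4_is_internal(ntohl(v4));
  }
  if ((b[0] & 0xfe) == 0xfc)                 return true; /* fc00::/7 ULA   */
  if (b[0] == 0xfe && (b[1] & 0xc0) == 0x80) return true; /* fe80::/10 LL   */
  if (b[0] == 0xff)                          return true; /* ff00::/8 mcast */
  return false;
}

/* Returns 1 if the textual address is internal/private, 0 if it is routable,
 * and -1 if it does not parse as IPv4 or IPv6. */
int addr_is_internal(const char *s) {
  struct in_addr a4;
  struct in6_addr a6;
  if (inet_pton(AF_INET, s, &a4) == 1)
    return ipv4_is_internal(ntohl(a4.s_addr)) ? 1 : 0;
  if (inet_pton(AF_INET6, s, &a6) == 1)
    return ipv6_is_internal(&a6) ? 1 : 0;
  return -1;
}

/* The guard the ticket asks for, placed at connection time so that both the
 * three-hop and the one-hop paths pass through it.  allow_private plays the
 * role of ExtendAllowPrivateAddresses in this example. */
bool may_connect_first_hop(const char *rp_addr, bool allow_private) {
  int internal = addr_is_internal(rp_addr);
  if (internal < 0) {
    fprintf(stderr, "refusing first hop: unparseable address %s\n", rp_addr);
    return false;
  }
  if (internal && !allow_private) {
    fprintf(stderr, "refusing first hop: private address %s\n", rp_addr);
    return false;
  }
  return true;
}

int main(void) {
  /* Constructed sample inputs, not taken from any real log. */
  const char *samples[] = { "10.0.0.1", "172.16.5.5", "192.168.1.1",
                            "8.8.8.8", "fd00::1", "2001:db8::1" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf("%-14s allowed=%d\n", samples[i],
           may_connect_first_hop(samples[i], false));
  return 0;
}
```

Because the decision is made from the address alone, the same helper can be called from whichever code path opens the connection; an override flag is only consulted after classification, so a misconfigured flag can widen the allowed set but never skip the parse check.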