
Re: [tor-bugs] #31009 [Core Tor/Tor]: Tor lets transports advertise private IP addresses in descriptor



#31009: Tor lets transports advertise private IP addresses in descriptor
-------------------------------------------------+-------------------------
 Reporter:  phw                                  |          Owner:  (none)
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.3.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-pt, tor-bridge, 035-backport,    |  Actual Points:
  040-backport, 041-backport, anti-censorship-   |
  roadmap-july, 042-deferred-20190918            |
Parent ID:                                       |         Points:  0.5
 Reviewer:  ahf                                  |        Sponsor:
                                                 |  Sponsor28-can
-------------------------------------------------+-------------------------
Changes (by teor):

 * keywords:
     tor-pt, tor-bridge, 029-backport, 035-backport, 040-backport,
     041-backport, anti-censorship-roadmap-july, 042-deferred-20190918
     =>
     tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport,
     anti-censorship-roadmap-july, 042-deferred-20190918
 * status:  needs_review => needs_revision
 * milestone:  Tor: unspecified => Tor: 0.4.3.x-final


Comment:

 Thanks for this patch!

 This patch has two issues:
 * if the address is an IPv6 address, it is replaced with an IPv4 address
   * we should use the advertised IPv6 ORPort address to replace internal
     IPv6 addresses
 * the replacement happens in test and internal networks, as well as the
   public Tor network
   * there's no way that the bridge can know if internal addresses are
     acceptable to the bridge authority or BridgeDB. But I think it's still
     ok to replace the address, because the published address should be the
     right kind of address for these networks, anyway. But we should add
     comments explaining why it's ok.

 I think we should also base this patch on maint-0.3.5, so we can backport
 it if needed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31009#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
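
The first review point above (an internal transport address should be replaced by the advertised ORPort address of the same family) sketched as an added example; this is not the patch under review and not Tor's code. The function names, the list of ranges treated as internal, and the sample addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if addr is unspecified, loopback, private or link-local; 0 if not;
 * -1 if it does not parse. The range list is this example's assumption. */
static int addr_is_internal(int family, const char *addr) {
    if (family == AF_INET) {
        struct in_addr a4;
        if (inet_pton(AF_INET, addr, &a4) != 1) return -1;
        uint32_t h = ntohl(a4.s_addr);
        return (h >> 24) == 0 || (h >> 24) == 10 || (h >> 24) == 127 ||
               (h >> 20) == 0xAC1 ||   /* 172.16.0.0/12 */
               (h >> 16) == 0xC0A8 ||  /* 192.168.0.0/16 */
               (h >> 16) == 0xA9FE;    /* 169.254.0.0/16 */
    }
    if (family == AF_INET6) {
        struct in6_addr a6;
        if (inet_pton(AF_INET6, addr, &a6) != 1) return -1;
        const uint8_t *b = a6.s6_addr;
        int zero15 = 1;
        for (int i = 0; i < 15; i++) if (b[i]) zero15 = 0;
        if (zero15 && b[15] <= 1) return 1;                /* :: and ::1 */
        return (b[0] & 0xFE) == 0xFC ||                    /* fc00::/7 */
               (b[0] == 0xFE && (b[1] & 0xC0) == 0x80);    /* fe80::/10 */
    }
    return -1;
}

/* Address to publish for a transport (hypothetical helper). A public
 * address is kept. An internal one is replaced by the advertised ORPort
 * address of the SAME family, never by the other family. The replacement
 * is not re-checked: in a test or internal network the ORPort address is
 * already the right kind of address for that network. Returns NULL if the
 * input does not parse or no same-family ORPort address is advertised. */
static const char *transport_publish_addr(const char *addr,
                                          const char *orport4,
                                          const char *orport6) {
    int family = strchr(addr, ':') ? AF_INET6 : AF_INET;
    int internal = addr_is_internal(family, addr);
    if (internal < 0) return NULL;
    if (!internal) return addr;
    return family == AF_INET6 ? orport6 : orport4;
}

int main(void) {
    /* Constructed sample addresses (documentation ranges for the ORPorts). */
    const char *p = transport_publish_addr("fd00::1", "203.0.113.7", "2001:db8::7");
    printf("%s\n", p ? p : "(none)");
    return 0;
}
```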