[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21310 [Core Tor/Tor]: Fix IPv6Exit support in connection_exit_begin_conn()



#21310: Fix IPv6Exit support in connection_exit_begin_conn()
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.4.7-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  ipv6          |  Actual Points:
Parent ID:  #21311        |         Points:  1
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by teor):

 * status:  new => needs_review
 * version:   => Tor: 0.2.4.7-alpha
 * parent:   => #21311
 * milestone:  Tor: unspecified => Tor: 0.3.1.x-final


Old description:

> This code is wrong for at least two reasons:
> * it should also unset BEGIN_FLAG_IPV6_OK, and
> * it's way too early in the function: we might end up resolving an
> IPv6-only hostname, learn that it doesn't match our exit policy, and send
> the address back in the REASON_EXITPOLICY RELAY_END cell
> (See https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1436 )
>
> {{{
>   if (! options->IPv6Exit) {
>     /* I don't care if you prefer IPv6; I can't give you any. */
>     bcell.flags &= ~BEGIN_FLAG_IPV6_PREFERRED;
>     /* If you don't want IPv4, I can't help. */
>     if (bcell.flags & BEGIN_FLAG_IPV4_NOT_OK) {
>       tor_free(address);
>       relay_send_end_cell_from_edge(rh.stream_id, circ,
>                                     END_STREAM_REASON_EXITPOLICY, NULL);
>       return 0;
>     }
>   }
> }}}

New description:

 This code is wrong for at least two reasons:
 * it should also unset BEGIN_FLAG_IPV6_OK, and
 * ~~it's way too early in the function: we might end up resolving an
 IPv6-only hostname, learn that it doesn't match our exit policy, and send
 the address back in the REASON_EXITPOLICY RELAY_END cell~~
 ~~(See https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1436
 )~~
 (Apparently this works anyway.)

 {{{
   if (! options->IPv6Exit) {
     /* I don't care if you prefer IPv6; I can't give you any. */
     bcell.flags &= ~BEGIN_FLAG_IPV6_PREFERRED;
     /* If you don't want IPv4, I can't help. */
     if (bcell.flags & BEGIN_FLAG_IPV4_NOT_OK) {
       tor_free(address);
       relay_send_end_cell_from_edge(rh.stream_id, circ,
                                     END_STREAM_REASON_EXITPOLICY, NULL);
       return 0;
     }
   }
 }}}

--

Comment:

 These are fixed as part of #21311, as they touch the same code.

 Can we get this in 0.3.0?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21310#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs