[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #21310 [Core Tor/Tor]: Fix IPv6Exit support in connection_exit_begin_conn()
#21310: Fix IPv6Exit support in connection_exit_begin_conn()
--------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version: Tor: 0.2.4.7-alpha
Severity: Normal | Resolution:
Keywords: ipv6 | Actual Points:
Parent ID: #21311 | Points: 1
Reviewer: | Sponsor:
--------------------------+------------------------------------
Changes (by teor):
* status: new => needs_review
* version: => Tor: 0.2.4.7-alpha
* parent: => #21311
* milestone: Tor: unspecified => Tor: 0.3.1.x-final
Old description:
> This code is wrong for at least two reasons:
> * it should also unset BEGIN_FLAG_IPV6_OK, and
> * it's way too early in the function: we might end up resolving an
> IPv6-only hostname, learn that it doesn't match our exit policy, and send
> the address back in the REASON_EXITPOLICY RELAY_END cell
> (See https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1436 )
>
> {{{
> if (! options->IPv6Exit) {
> /* I don't care if you prefer IPv6; I can't give you any. */
> bcell.flags &= ~BEGIN_FLAG_IPV6_PREFERRED;
> /* If you don't want IPv4, I can't help. */
> if (bcell.flags & BEGIN_FLAG_IPV4_NOT_OK) {
> tor_free(address);
> relay_send_end_cell_from_edge(rh.stream_id, circ,
> END_STREAM_REASON_EXITPOLICY, NULL);
> return 0;
> }
> }
> }}}
New description:
This code is wrong for at least two reasons:
* it should also unset BEGIN_FLAG_IPV6_OK, and
* ~~it's way too early in the function: we might end up resolving an
IPv6-only hostname, learn that it doesn't match our exit policy, and send
the address back in the REASON_EXITPOLICY RELAY_END cell~~
~~(See https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1436
)~~
(Apparently this works anyway.)
{{{
if (! options->IPv6Exit) {
/* I don't care if you prefer IPv6; I can't give you any. */
bcell.flags &= ~BEGIN_FLAG_IPV6_PREFERRED;
/* If you don't want IPv4, I can't help. */
if (bcell.flags & BEGIN_FLAG_IPV4_NOT_OK) {
tor_free(address);
relay_send_end_cell_from_edge(rh.stream_id, circ,
END_STREAM_REASON_EXITPOLICY, NULL);
return 0;
}
}
}}}
--
Comment:
These are fixed as part of #21311, as they touch the same code.
Can we get this in 0.3.0?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21310#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs