[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #32314 [Core Tor/Tor]: Can't connect to literal IPv6 address containing double colon
#32314: Can't connect to literal IPv6 address containing double colon
-------------------------------------------------+-------------------------
Reporter: liberat | Owner: (none)
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.4.3.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.4.1.6
Severity: Normal | Resolution:
Keywords: tor-client, tor-exit, ipv6, | Actual Points: 0.1
BugSmashFund, check-backport |
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* status: new => needs_revision
* keywords: => tor-client, tor-exit, ipv6, BugSmashFund, check-backport
* points: => 0.5
* actualpoints: => 0.1
Comment:
Replying to [comment:1 liberat]:
> One straightforward way to fix this would be to parse the address using
tor_addr_parse and then convert back to a string using tor_addr_to_str:
> {{{
> --- a/src/core/or/connection_edge.c
> +++ b/src/core/or/connection_edge.c
> @@ -1631,6 +1631,12 @@
connection_ap_handshake_rewrite(entry_connection_t *conn,
> conn->original_dest_address =
tor_strdup(conn->socks_request->address);
> }
>
> + /* If the address is an IPv6 literal, either with or without
brackets,
> + * convert it into its canonical form and wrap it in brackets. */
> + if (tor_addr_parse(&addr_tmp, socks->address) >= 0) {
> + tor_addr_to_str(socks->address, &addr_tmp, sizeof(socks->address),
1);
> + }
> +
> /* First, apply MapAddress and MAPADDRESS mappings. We need to do
> * these only for non-reverse lookups, since they don't exist for
those.
> * We also need to do this before we consider automapping, since we
might
> }}}
> This also has the effect of transforming the address into "canonical"
form. This seems like a good idea anyway, as it reduces possibilities for
application fingerprinting by exit nodes.
I prefer this fix, because it canonicalises all addresses.
> However, this also impacts the behavior of "MapAddress". Currently, if
your torrc contains:
> {{{
> MapAddress fc00::0001 www.torproject.org
> }}}
> then a client that tries to connect to "fc00::0001" will reach
www.torproject.org, but a client that tries to connect to "[fc00::1]" will
''not''. So it would probably be wise to also "canonicalize" addresses
used in MapAddress.
Yes, we'll also need a fix for MapAddress.
And we'll need tests that use the client code to encode addresses, and the
exit code to parse it. Let's have some cases that succeed regardless of
the patch. And some other cases that fail without the patch, but succeed
with it.
Finally, we'll need to work out when this bug was introduced, so we know
whether to backport to 0.2.9, 0.3.5, or 0.4.0 and later.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32314#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs