Re: [tor-bugs] #17027 [Tor]: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local addresses
#17027: policies_parse_exit_policy_internal should block all IPv4 and IPv6 local
addresses
-------------------------+-------------------------------------------------
Reporter: teor | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: unspecified
Resolution: | Keywords: TorCoreTeam201509 security
Actual Points: | 026-backport
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by teor):
Replying to [comment:11 nickm]:
> Looks good!
> * Needs a changes file.
It's there as changes/bug17027-reject-private-all-interfaces
> * I'm thinking this doesn't run us into trouble with bug #12497.
> Somebody should check my logic, though.
This doesn't change the definition of `private:*`; instead, it appends
explicit IP-based reject items to the ExitPolicy when
`ExitPolicyRejectPrivate` is 1. The existing code adds a reject for the
configured public IPv4 address; this new code does it for the configured
public IPv6 address (if any), and any other public IPv4 or IPv6 addresses
found on any interfaces.
> * get_interface_address6_list() can't return NULL, but its callers all
> check whether it does.
Oops, fixed and squashed in `bug17027-reject-private-all-interfaces-v2`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17027#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
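
The behaviour described in the comment above, as an added example that is not part of the original message and is not Tor's code: a toy first-match policy model showing which of a relay's own addresses get an explicit reject entry. The range list, the function names, the evaluation order and the sample addresses are all assumptions made for this illustration.

```python
import ipaddress

# Assumption: a simplified stand-in for the ranges `private:*` covers.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/8", "fc00::/7", "fe80::/10", "fec0::/10", "ff00::/8")]

def in_net(addr, net):
    return addr.version == net.version and addr in net

def extra_rejects(configured_v4, configured_v6, interface_addrs):
    """Public addresses of this host that need their own reject entry."""
    out = []
    for text in [configured_v4, configured_v6, *interface_addrs]:
        if not text:
            continue  # e.g. no IPv6 address configured
        addr = ipaddress.ip_address(text)
        if any(in_net(addr, n) for n in PRIVATE_NETS):
            continue  # already rejected by the private ranges
        if str(addr) not in out:
            out.append(str(addr))
    return out

def build_policy(reject_private, user_policy, v4, v6, interfaces):
    """Entries are (action, network). Assumption: the reject entries are
    evaluated before the operator's own entries; first match wins."""
    policy = []
    if reject_private:
        policy += [("reject", n) for n in PRIVATE_NETS]
        policy += [("reject", ipaddress.ip_network(a))
                   for a in extra_rejects(v4, v6, interfaces)]
    return policy + list(user_policy)

def decide(policy, dest):
    addr = ipaddress.ip_address(dest)
    for action, net in policy:
        if in_net(addr, net):
            return action
    return "reject"  # toy default when nothing matches

# Constructed sample host (documentation address ranges).
ACCEPT_ALL = [("accept", ipaddress.ip_network("0.0.0.0/0")),
              ("accept", ipaddress.ip_network("::/0"))]
HOST = ("203.0.113.10", "2001:db8::10",
        ["192.168.1.5", "198.51.100.7", "2001:db8::10", "fe80::1"])

if __name__ == "__main__":
    for rp in (False, True):
        policy = build_policy(rp, ACCEPT_ALL, *HOST)
        print(rp, {d: decide(policy, d) for d in HOST[2] + ["192.0.2.50"]})
```

In this model the second public IPv4 address, found only on an interface, is the one that an accept-all operator policy would otherwise leave reachable.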