#31011: Make the bridge authority reject private PT addresses when DirAllowPrivateAddresses is 0
-----------------------------------------------+---------------------------
 Reporter:  teor                               |          Owner:  (none)
     Type:  defect                             |         Status:  new
 Priority:  Medium                             |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                       |        Version:
 Severity:  Normal                             |     Resolution:
 Keywords:  anti-censorship-roadmap-september  |  Actual Points:
Parent ID:  #31009                             |         Points:  1
 Reviewer:                                     |        Sponsor:  Sponsor28-can
-----------------------------------------------+---------------------------

Comment (by teor):

 Replying to [comment:9 phw]:
 > I prefer having the bridge authority reject descriptors with private
 > addresses. In my opinion, a private address has no business being in the
 > descriptor and we should reject such descriptors rather than guessing
 > what the bridge operators meant to do.

 Thanks, that seems like a sensible decision.

 We can add bridge authority code that rejects extra-info descriptors with
 a private address in any `transport` line.

 We should probably also add a config error on the bridge side, if
 ServerTransportListenAddress is an internal address,
 compute_publishserverdescriptor() is bridge, and the bridge is using the
 default bridge authority.

 Here's how the `transport` line is created on the bridge side:
 https://github.com/torproject/tor/blob/f6c9ca3a1d1c29a293915612e26cdbfeb050c192/src/feature/relay/router.c#L3190
 https://github.com/torproject/tor/blob/60d5ff303d65bb7caf5c064675c661faac4cecf1/src/feature/client/transports.c#L1615

 Here's where we reject extra-info descriptors in dirserv_add_extrainfo():
 https://github.com/torproject/tor/blob/53bdd21179b3507b8d8aa2788e4955df8619f6db/src/feature/dirauth/process_descs.c#L789

 See dirserv_router_has_valid_address() for some example code. This code
 rejects relay descriptors with private IPv4 or IPv6 addresses, when
 DirAllowPrivateAddresses is 0:
 https://github.com/torproject/tor/blob/53bdd21179b3507b8d8aa2788e4955df8619f6db/src/feature/dirauth/process_descs.c#L456

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31011#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
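
The check discussed in the comment above, as an added stand-alone C example that is not Tor's code and not part of the ticket: it parses an extra-info `transport` line of the form `transport <name> <addr>:<port> [args]` and reports whether the address is private, treating malformed lines and IPv4-mapped IPv6 addresses conservatively. The function names, the set of ranges treated as private and the sample lines are assumptions made for this example; Tor's own check for relay descriptors is the dirserv_router_has_valid_address() code linked in the comment.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int addr_is_private(const char *host) { /* 1 private, 0 public, -1 not an IP literal */
  struct in_addr a4; struct in6_addr a6;
  static const uint8_t zero[15] = {0};
  if (inet_pton(AF_INET, host, &a4) == 1) {
    uint32_t ip = ntohl(a4.s_addr);
    return (ip >> 24) == 0 || (ip >> 24) == 10 || (ip >> 24) == 127 || /* 0/8 10/8 127/8 */
           (ip >> 20) == 0xAC1 || (ip >> 16) == 0xC0A8 ||              /* 172.16/12 192.168/16 */
           (ip >> 16) == 0xA9FE;                                       /* 169.254/16 */
  }
  if (inet_pton(AF_INET6, host, &a6) != 1) return -1;
  const uint8_t *b = a6.s6_addr;
  if (!memcmp(b, zero, 10) && b[10] == 0xFF && b[11] == 0xFF) { /* ::ffff:a.b.c.d */
    char v4[INET_ADDRSTRLEN];
    return inet_ntop(AF_INET, b + 12, v4, sizeof v4) ? addr_is_private(v4) : -1;
  }
  if (!memcmp(b, zero, 15) && b[15] <= 1) return 1; /* :: and ::1 */
  return (b[0] & 0xFE) == 0xFC ||                   /* fc00::/7 */
         (b[0] == 0xFE && (b[1] & 0xC0) == 0x80);   /* fe80::/10 */
}

/* "transport <name> <addr>:<port> [args]": 1 = private, 0 = public, -1 = malformed. */
int transport_line_has_private_addr(const char *line) {
  char name[64], ap[128];
  if (strncmp(line, "transport ", 10) != 0 ||
      sscanf(line + 10, "%63s %127s", name, ap) != 2) return -1;
  char *colon = strrchr(ap, ':');
  if (!colon || colon == ap || !colon[1]) return -1;
  *colon = '\0';                              /* drop ":port" */
  size_t n = strlen(ap);
  if (ap[0] == '[') {                         /* [IPv6]:port */
    if (n < 3 || ap[n - 1] != ']') return -1;
    ap[n - 1] = '\0';
    return addr_is_private(ap + 1);
  }
  if (strchr(ap, ':')) return -1;             /* unbracketed IPv6 is ambiguous */
  return addr_is_private(ap);
}

int main(void) { /* constructed sample lines, not from real descriptors */
  const char *l[] = {"transport obfs4 192.168.1.10:443 cert=EXAMPLE",
                     "transport obfs4 203.0.113.7:443", "transport obfs4 [fd00::1]:443"};
  for (int i = 0; i < 3; i++) printf("%d  %s\n", transport_line_has_private_addr(l[i]), l[i]);
  return 0;
}
```

A caller enforcing the policy from the ticket would reject the descriptor on any non-zero result, so malformed lines fail closed along with private addresses.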