#31009: Tor lets transports advertise private IP addresses in descriptor -------------------------------------------------+------------------------- Reporter: phw | Owner: (none) Type: defect | Status: | needs_revision Priority: Medium | Milestone: Tor: | 0.4.3.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: tor-pt, tor-bridge, 035-backport, | Actual Points: 040-backport, 041-backport, anti-censorship- | roadmap-july, 042-deferred-20190918 | Parent ID: | Points: 0.5 Reviewer: ahf | Sponsor: | Sponsor28-can -------------------------------------------------+------------------------- Changes (by teor):
* keywords: tor-pt, tor-bridge, 029-backport, 035-backport, 040-backport, 041-backport, anti-censorship-roadmap-july, 042-deferred-20190918 => tor-pt, tor-bridge, 035-backport, 040-backport, 041-backport, anti- censorship-roadmap-july, 042-deferred-20190918 * status: needs_review => needs_revision * milestone: Tor: unspecified => Tor: 0.4.3.x-final Comment: Thanks for this patch! This patch has two issues: * if the address is an IPv6 address, it is replaced with an IPv4 address * we should use the advertised IPv6 ORPort address to replace internal IPv6 addresses * the replacement happens in test and internal networks, as well as the public Tor network * there's no way that the bridge can know if internal addresses are acceptable to the bridge authority or BridgeDB. But I think it's still ok to replace the address, because the published address should be the right kind of address for these networks, anyway. But we should add comments explaining why it's ok. I think we should also base this patch on maint-0.3.5, so we can backport it if needed. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31009#comment:14> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs