[tor-bugs] #12378 [Tor]: Tor configuration policies using network CIDR syntax should clamp mask bits appropriately
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 12 00:28:54 UTC 2014
#12378: Tor configuration policies using network CIDR syntax should clamp mask bits
appropriately
--------------------------------+---------------------
 Reporter:  anon                |          Owner:
     Type:  defect              |         Status:  new
 Priority:  normal              |      Milestone:
Component:  Tor                 |        Version:
 Keywords:  config exit-policy  |  Actual Points:
Parent ID:                      |         Points:
--------------------------------+---------------------
Tor configuration policies using network CIDR syntax like 224.0.0.0/8
should clamp mask bits appropriately to IANA and network prefix.

An example bad configuration spotted in the wild:
224.0.0.0/3 which represents a binary
11100000.00000000.00000000.00000000 &
00011111.11111111.11111111.11111111
in
tor_addr_compare_masked
which results in a comparison of only the first three bits of any
comparison network under test.

Improve Tor to implement a clamp mask, and warn on a configuration policy
that specifies an invalid mask per network prefix.

The netmask clamp would ensure that mask bits number at least 8 bits or
more, meaning a /8 or smaller network policy. See
https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

The netmask clamp would ensure that mask bits number at least the same
number of bits in the network prefix, if the network prefix bits number 8
or more themselves.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12378>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
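
The /3 case from the ticket and the proposed clamp, worked through as an added example; this is not code from the ticket or from Tor. `ip4`, `masked_equal`, `prefix_bits` and `clamp_mask_bits` are hypothetical helpers, and reading "bits in the network prefix" as the position of the lowest set bit of the address is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from dotted-quad octets. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

/* Simplified IPv4-only stand-in for a masked compare: returns 1 if the
 * first `bits` bits of a and b are equal. Not Tor's tor_addr_compare_masked. */
static int masked_equal(uint32_t a, uint32_t b, int bits)
{
    uint32_t mask = bits <= 0 ? 0 : (bits >= 32 ? 0xFFFFFFFFu : ~(0xFFFFFFFFu >> bits));
    return (a & mask) == (b & mask);
}

/* Assumed reading of "bits in the network prefix": bits up to and
 * including the lowest set bit of the address (224.0.0.0 -> 3). */
static int prefix_bits(uint32_t net)
{
    int n = 32;
    if (net == 0) return 0;
    while ((net & 1u) == 0) { net >>= 1; n--; }
    return n;
}

/* Clamp as the ticket proposes: at least 8 bits, and at least the
 * prefix length when that prefix is itself 8 bits or more. */
static int clamp_mask_bits(uint32_t net, int bits)
{
    int p = prefix_bits(net);
    if (bits < 8) bits = 8;
    if (p >= 8 && bits < p) bits = p;
    return bits;
}

int main(void)
{
    /* Constructed sample: the policy network from the ticket and a probe address. */
    uint32_t net = ip4(224, 0, 0, 0), probe = ip4(240, 1, 2, 3);
    int clamped = clamp_mask_bits(net, 3);
    printf("/3 matches 240.1.2.3: %d\n", masked_equal(net, probe, 3));
    printf("clamped to /%d, matches: %d\n", clamped, masked_equal(net, probe, clamped));
    if (clamped != 3) fprintf(stderr, "warn: 224.0.0.0/3 clamped to /%d\n", clamped);
    return 0;
}
```

With the /3 mask every address from 224.0.0.0 through 255.255.255.255 compares equal to the policy network; after the clamp only 224.0.0.0/8 does.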