[tor-bugs] #18029 [Tor]: ADD_ONION doesn't validate its target
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 11 19:36:09 UTC 2016
#18029: ADD_ONION doesn't validate its target
-----------------------------+------------------------------------
Reporter: atagar | Owner:
Type: defect | Status: needs_information
Priority: Low | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: 0.2.7.1-alpha
Severity: Minor | Resolution:
Keywords: tor-hs tor-core | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------+------------------------------------
Comment (by yawning):
I guess if the address portion actually resolves to something using the
system resolver (`getaddrinfo`) it'll be accepted, but the same thing goes
for torrc as well (ADD_ONION and torrc based HSes both use common code to
handle parsing/validating this stuff).
I still can't reproduce success when it shouldn't.... :/
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18029#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list