[tor-bugs] #19025 [Core Tor/Tor]: Exit relays always return DNS TTL 60 to tor clients
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 10 19:53:06 UTC 2016
#19025: Exit relays always return DNS TTL 60 to tor clients
------------------------------+--------------------------------
Reporter: phw | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version: Tor: 0.2.8.2-alpha
Severity: Normal | Keywords: dns
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
When tor clients resolve a domain name, exit relays are supposed to
[https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1345 return
the DNS TTL as part of their response].
At the moment, it looks like exit relays always return TTL 0 for both A
and AAAA records. Only PTR records seem to come with a TTL > 0. The
relevant variables on the exit side are `ttl_ipv4` and `ttl_ipv6` in
[https://gitweb.torproject.org/tor.git/tree/src/or/dns_structs.h#n80
src/or/dns_structs.h]. The variables should be initialised in the function
[https://gitweb.torproject.org/tor.git/tree/src/or/dns.c#n324
cached_resolve_add_answer]. The variable `ttl_hostname` for PTR records is
assigned `ttl`:
{{{
resolve->ttl_hostname = ttl;
}}}
The variables `ttl_ipv4` and `ttl_ipv6`, however, are not. Therefore,
exit relays always send back TTL 60 to clients (60 instead of 0 because
the function [https://gitweb.torproject.org/tor.git/tree/src/or/dns.c#n262
dns_clip_ttl] turns it into `MIN_DNS_TTL`, i.e., 60).
Commit
[https://gitweb.torproject.org/tor.git/commit/?id=2889bd2642ada3a2aa55fa4909825dfb7e90812e
2889bd264] added the code to tor. It added `ttl_hostname`, `ttl_ipv4` and
`ttl_ipv6`, but never initialised the latter two. I wonder if this is an
oversight? Commit
[https://gitweb.torproject.org/tor.git/commit/?id=c660a0f6a2875a8b9b612f28a7f752b3ca8eb5da
c660a0f6] talks about potential attacks, but I don't think that explains
this issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19025>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
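A reduced model of the behaviour the ticket describes, added here as an illustration (this is not tor's code and not part of the original ticket). It keeps only the three TTL fields of the resolve struct, assumes the resolve is zero-initialised (which is what the observed "TTL 0" implies), takes `MIN_DNS_TTL` as the 60 seconds named in the ticket, and uses an assumed `MAX_DNS_TTL` for the upper clip. The buggy `add_answer_buggy` stores the upstream TTL only for PTR answers; `add_answer_fixed` stores it for A and AAAA as well. `simulate()` shows what a client would receive in each case: with the bug, every A/AAAA answer is reported as 60 regardless of the upstream value, so clients cannot distinguish a short-lived record from a long-lived one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants assumed for this example: MIN_DNS_TTL is the 60 s the ticket
 * names; MAX_DNS_TTL is an illustrative upper clip, not tor's own value. */
#define MIN_DNS_TTL 60
#define MAX_DNS_TTL (30 * 60 * 60)

typedef enum { ANSWER_A, ANSWER_AAAA, ANSWER_PTR } answer_type_t;

/* Stand-in for the exit's cached_resolve_t, reduced to its TTL fields. */
typedef struct {
  uint32_t ttl_hostname;  /* PTR answer TTL */
  uint32_t ttl_ipv4;      /* A answer TTL */
  uint32_t ttl_ipv6;      /* AAAA answer TTL */
} cached_resolve_t;

/* Clipping as the ticket describes it: any value below MIN_DNS_TTL,
 * including an unset 0, is raised to MIN_DNS_TTL. */
uint32_t dns_clip_ttl(uint32_t ttl) {
  if (ttl < MIN_DNS_TTL) return MIN_DNS_TTL;
  if (ttl > MAX_DNS_TTL) return MAX_DNS_TTL;
  return ttl;
}

/* Buggy variant (the reported behaviour): only PTR answers store ttl;
 * ttl_ipv4 / ttl_ipv6 keep their zeroed initial value. */
void add_answer_buggy(cached_resolve_t *r, answer_type_t t, uint32_t ttl) {
  if (t == ANSWER_PTR) r->ttl_hostname = ttl;
}

/* Fixed variant: store the upstream TTL for every record type. */
void add_answer_fixed(cached_resolve_t *r, answer_type_t t, uint32_t ttl) {
  switch (t) {
    case ANSWER_PTR:  r->ttl_hostname = ttl; break;
    case ANSWER_A:    r->ttl_ipv4 = ttl;     break;
    case ANSWER_AAAA: r->ttl_ipv6 = ttl;     break;
  }
}

/* TTL the exit would report to the client for one record type. */
uint32_t ttl_sent_to_client(const cached_resolve_t *r, answer_type_t t) {
  switch (t) {
    case ANSWER_PTR:  return dns_clip_ttl(r->ttl_hostname);
    case ANSWER_A:    return dns_clip_ttl(r->ttl_ipv4);
    case ANSWER_AAAA: return dns_clip_ttl(r->ttl_ipv6);
  }
  return MIN_DNS_TTL;
}

/* Run one resolve with a given upstream TTL through either variant and
 * return the TTL the client ends up seeing. */
uint32_t simulate(int fixed, answer_type_t t, uint32_t upstream_ttl) {
  cached_resolve_t r;
  memset(&r, 0, sizeof(r));  /* assumed: resolve structs start zeroed */
  if (fixed) add_answer_fixed(&r, t, upstream_ttl);
  else       add_answer_buggy(&r, t, upstream_ttl);
  return ttl_sent_to_client(&r, t);
}

int main(void) {
  uint32_t upstream = 3600;  /* constructed sample upstream TTL */
  printf("A record, upstream TTL %u: buggy exit sends %u, fixed exit sends %u\n",
         upstream, simulate(0, ANSWER_A, upstream), simulate(1, ANSWER_A, upstream));
  printf("PTR record, upstream TTL %u: both variants send %u\n",
         upstream, simulate(0, ANSWER_PTR, upstream));
  return 0;
}
```

The practical consequence of the bug is visible in `simulate(0, ANSWER_A, 3600)`: the upstream resolver's 3600 s is thrown away and the client is told 60 s, so client-side caching decisions are made on a constant rather than on the record's real lifetime. The fixed path still clips, so a legitimately short upstream TTL of 5 s is raised to 60 and a very long one is capped.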