[tor-bugs] #20151 [Core Tor/Tor]: Fix parse_virtual_addr_network minimum network size
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 16 21:24:01 UTC 2016
#20151: Fix parse_virtual_addr_network minimum network size
------------------------------+--------------------------
     Reporter:  teor          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.2.???
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  easy intro
Actual Points:                |  Parent ID:
       Points:  0.5           |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------
parse_virtual_addr_network does:
{{{
const int max_bits = ipv6 ? 40 : 16;
}}}
then:
{{{
  if (bits > max_bits) {
    if (msg)
      tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
                   "network or larger",ipv6?"IPv6":"", max_bits);
    return -1;
  }
}}}
Firstly, the log message refers to a minimum ("n or larger" makes n a
minimum, not a maximum), but the variable is named "max_bits". So we
should rename it to min_bits.
Secondly, an IPv6 /40 is terribly restrictive.
For people to use their local IPv6 allocations, we should allow at least a
/64.
If the goal is to have a /16 available, we could allow up to 128 - 16 =
/112. But IPv6 has more addresses than IPv4, so I suggest that a /104 is a
sensible minimum. (If someone wants to map more than 2**24 addresses at
once, they can choose a larger network. We could make the minimum /96, but
some providers split up /64s into /96s and give them out to end users.)
These limitations should also be documented in the tor man page.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20151>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
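
Added example, not part of the ticket or of Tor's source: the prefix comparison from the snippet above with the limit passed in, run over the prefix lengths the ticket discusses to show which ones the current /40 limit and the suggested /104 limit accept. The names host_bits and check_prefix and the three constants are hypothetical; the message text is copied from the ticket.

```c
#include <stdio.h>

/* Limits named in the ticket: current IPv4 /16 and IPv6 /40, suggested IPv6 /104. */
#define CURRENT_IPV4_LIMIT 16
#define CURRENT_IPV6_LIMIT 40
#define SUGGESTED_IPV6_LIMIT 104

/* Host bits left in a network of this prefix length, i.e. log2 of the
 * number of addresses available for mapping. -1 if the prefix length is
 * not valid for the address family. */
int host_bits(int ipv6, int prefix_bits)
{
  const int addr_bits = ipv6 ? 128 : 32;
  if (prefix_bits < 0 || prefix_bits > addr_bits)
    return -1;
  return addr_bits - prefix_bits;
}

/* Same comparison as the ticket's snippet. A numerically larger prefix
 * length is a smaller network, so prefix_bits > limit means "too small".
 * Returns 0 if accepted, -1 if rejected (msg is filled in when non-NULL). */
int check_prefix(int ipv6, int prefix_bits, int limit, char *msg, size_t len)
{
  if (host_bits(ipv6, prefix_bits) < 0 || prefix_bits > limit) {
    if (msg)
      snprintf(msg, len, "VirtualAddressNetwork%s expects a /%d "
               "network or larger", ipv6 ? "IPv6" : "", limit);
    return -1;
  }
  return 0;
}

int main(void)
{
  /* Constructed sample input: the IPv6 prefix lengths the ticket mentions. */
  const int samples[] = { 40, 64, 96, 104, 112 };
  char msg[96];
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    int bits = samples[i];
    int cur = check_prefix(1, bits, CURRENT_IPV6_LIMIT, msg, sizeof(msg));
    int sug = check_prefix(1, bits, SUGGESTED_IPV6_LIMIT, NULL, 0);
    printf("IPv6 /%-3d = 2^%-2d addresses  /40 limit: %s  /104 limit: %s\n",
           bits, host_bits(1, bits),
           cur ? "reject" : "accept", sug ? "reject" : "accept");
    if (cur)
      printf("    %s\n", msg);
  }
  return 0;
}
```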