[tor-bugs] #22469 [Core Tor/Tor]: tor should better validate invalid ipv6 address:port definitions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 2 18:14:15 UTC 2017
#22469: tor should better validate invalid ipv6 address:port definitions
--------------------------+------------------------------------
Reporter: toralf | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version: Tor: 0.3.1.2-alpha
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by atagar):
Hi catalyst. The trouble is that exit policies should always be of the
form 'address:port' but tor accepts other things in its torrc. Here's the
stem commit where I discuss it...
https://gitweb.torproject.org/stem.git/commit/?id=806cbcc
In particular tor accepts things like the following in its torrc...
{{{
ExitPolicy reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]
}}}
But it shouldn't because it's missing the port (a ":443" or ":*" suffix).
In teor's example above '0x00' isn't a valid port either.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22469#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list