[tor-bugs] #25055 [Core Tor/Tor]: string_is_valid_hostname() returns true for IPv4 addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 17 21:52:51 UTC 2018
#25055: string_is_valid_hostname() returns true for IPv4 addresses
-------------------------------+------------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: needs_review
Priority: Medium | Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: IPv6 IPv4 tor-dns | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
-------------------------------+------------------------------------
Comment (by teor):
I just read RFC 1123 Section 2.1.
https://tools.ietf.org/html/rfc1123#page-13
I was wrong, it doesn't say that the TLD must be alphabetical:
{{{
// Last label of a hostname is required to be alphabetic according to
// RFC 1123 Section 2.1.
}}}
Instead, it says:
{{{
The syntax of a legal Internet host name was specified in RFC-952
[DNS:4]. One aspect of host name syntax is hereby changed: the
restriction on the first character is relaxed to allow either a
letter or a digit. Host software MUST support this more liberal
syntax.
...
Whenever a user inputs the identity of an Internet host, it SHOULD
be possible to enter either (1) a host domain name or (2) an IP
address in dotted-decimal ("#.#.#.#") form. The host SHOULD check
the string syntactically for a dotted-decimal number before
looking it up in the Domain Name System.
}}}
Therefore, rather than trying to detect punycode or alphabetical endings,
let's use this logic:
1. If it is a valid IPv4 or IPv6 address, it is not a hostname
2. Otherwise, if it has alphanumeric, -, or `_`, in the right format, it
is a hostname.
Being lax makes Tor more future proof to domain name format changes.
And it confirms to the RFC.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25055#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list