[tor-bugs] #25055 [Core Tor/Tor]: string_is_valid_hostname() returns true for IPv4 addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Feb 18 10:18:33 UTC 2018
#25055: string_is_valid_hostname() returns true for IPv4 addresses
-------------------------------+------------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.3.4.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: IPv6 IPv4 tor-dns | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
-------------------------------+------------------------------------
Comment (by rl1987):
> Therefore, rather than trying to detect punycode or alphabetical
> endings, let's use this logic:
> 1. If it is a valid IPv4 or IPv6 address, it is not a hostname
> 2. Otherwise, if it has alphanumeric, -, or `_`, in the right format, it
> is a hostname.
>
> Being lax makes Tor more future proof to domain name format changes.
> And it conforms to the RFC.
Technically IP address strings are not hostnames, but we do allow them to
be used in SOCKS requests. That's why I introduced `string_is_valid_dest`
that checks destination validity by branching out to `tor_inet_pton` and
`string_is_valid_hostname`. We want `string_is_valid_hostname` to do
exactly what the function name says - DNS hostname validation.
I think supporting punycode TLDs is a good idea. Currently all entries in
the list of valid TLDs [0] are either alphabetic or punycode.
[0] http://data.iana.org/TLD/tlds-alpha-by-domain.txt
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25055#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
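
Added example (not part of the ticket and not Tor's source code): a C illustration of the split described in the comment above, where a destination check accepts either an address literal or a hostname, while the hostname check itself rejects IP literals and requires an alphabetic or punycode final label. The `example_*` names are hypothetical, POSIX `inet_pton` stands in for `tor_inet_pton`, and the label rules (1..63 characters, no leading or trailing `-`, no trailing dot) are assumptions.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <string.h>

/* Added example; function names are hypothetical, not Tor's. */

/* 1 if s parses as an IPv4 or IPv6 literal (POSIX inet_pton). */
static int is_ip_literal(const char *s) {
  unsigned char buf[sizeof(struct in6_addr)];
  return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* 1 if the label is punycode ("xn--" plus at least one character). */
static int is_punycode_label(const char *l) {
  return tolower((unsigned char)l[0]) == 'x' &&
         tolower((unsigned char)l[1]) == 'n' &&
         l[2] == '-' && l[3] == '-' && l[4] != '\0';
}

/* DNS hostname check only: IP literals are rejected. Labels are 1..63 chars
 * of [A-Za-z0-9_-] with no leading or trailing '-'; the last label must be
 * alphabetic or punycode. Assumption: a trailing dot is rejected. */
int example_is_valid_hostname(const char *s) {
  size_t len = strlen(s);
  if (len == 0 || len > 253 || is_ip_literal(s)) return 0;
  const char *label = s;
  for (;;) {
    size_t n = strcspn(label, ".");
    if (n == 0 || n > 63) return 0;
    if (label[0] == '-' || label[n - 1] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
      unsigned char c = (unsigned char)label[i];
      if (!isalnum(c) && c != '-' && c != '_') return 0;
    }
    if (label[n] == '\0') break; /* label now points at the final label */
    label += n + 1;
  }
  if (is_punycode_label(label)) return 1;
  for (const char *p = label; *p; p++)
    if (!isalpha((unsigned char)*p)) return 0;
  return 1;
}

/* Destination check: an address literal or a hostname is acceptable. */
int example_is_valid_dest(const char *s) {
  return is_ip_literal(s) || example_is_valid_hostname(s);
}
```

A string such as `256.0.2.1` is neither a valid address nor a valid hostname under these rules, so both checks reject it.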