[tor-bugs] #31088 [Core Tor/Tor]: Check IPv4 and IPv6 private addresses in descriptors, first hops, and extends
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 27 01:29:03 UTC 2019
#31088: Check IPv4 and IPv6 private addresses in descriptors, first hops, and
extends
-------------------------------------------------+-------------------------
Reporter: teor | Owner: neel
Type: defect | Status:
| merge_ready
Priority: Medium | Milestone: Tor:
| 0.4.2.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.3.21-rc
Severity: Normal | Resolution:
Keywords: asn-merge, dgoulet-merge, consider- | Actual Points: 0.4
backport-after-authority-test, consider- |
backport-after-0421-alpha, 040-backport- |
maybe, 041-backport-maybe, ipv6, tor-relay, |
tor-client, tor-dirauth |
Parent ID: #24403 | Points:
Reviewer: nickm | Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* keywords: ipv6, tor-relay, tor-client, tor-dirauth =>
asn-merge, dgoulet-merge, consider-backport-after-authority-test,
consider-backport-after-0421-alpha, 040-backport-maybe, 041-backport-
maybe, ipv6, tor-relay, tor-client, tor-dirauth
* status: needs_review => merge_ready
* actualpoints: => 0.4
Comment:
Ok, looks good to me.
Neel, let us know if you have any concerns about Nick's extra commits.
We might decide to backport this change to our supported authority
releases 0.4.0 and 0.4.1.
It's a low-risk change that improves code correctness, and relay operator
feedback when IPv6 is misconfigured.
But we should make sure we test master on moria1 first.
This is not a security issue, because authorities can't reach private
addresses anyway, so the relay will never be in the consensus.
So it is also ok not to backport it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31088#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list