[tor-bugs] #32314 [Core Tor/Tor]: Can't connect to literal IPv6 address containing double colon

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 2 19:32:34 UTC 2019


#32314: Can't connect to literal IPv6 address containing double colon
--------------------------+------------------------------
 Reporter:  liberat       |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.4.1.6
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------

Comment (by liberat):

 One straightforward way to fix this would be to parse the address using
 tor_addr_parse and then convert back to a string using tor_addr_to_str:
 {{{
 --- a/src/core/or/connection_edge.c
 +++ b/src/core/or/connection_edge.c
 @@ -1631,6 +1631,12 @@ connection_ap_handshake_rewrite(entry_connection_t
 *conn,
      conn->original_dest_address =
 tor_strdup(conn->socks_request->address);
    }

 +  /* If the address is an IPv6 literal, either with or without brackets,
 +   * convert it into its canonical form and wrap it in brackets. */
 +  if (tor_addr_parse(&addr_tmp, socks->address) >= 0) {
 +    tor_addr_to_str(socks->address, &addr_tmp, sizeof(socks->address),
 1);
 +  }
 +
    /* First, apply MapAddress and MAPADDRESS mappings. We need to do
     * these only for non-reverse lookups, since they don't exist for
 those.
     * We also need to do this before we consider automapping, since we
 might
 }}}
 This also has the effect of transforming the address into "canonical"
 form.  This seems like a good idea anyway, as it reduces possibilities for
 application fingerprinting by exit nodes.

 However, this also impacts the behavior of "MapAddress".  Currently, if
 your torrc contains:
 {{{
 MapAddress fc00::0001 www.torproject.org
 }}}
 then a client that tries to connect to "fc00::0001" will reach
 www.torproject.org, but a client that tries to connect to "[fc00::1]" will
 ''not''.  So it would probably be wise to also "canonicalize" addresses
 used in MapAddress.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32314#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list