[tor-bugs] #32314 [Core Tor/Tor]: Can't connect to literal IPv6 address containing double colon
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 11 00:36:07 UTC 2019
#32314: Can't connect to literal IPv6 address containing double colon
-------------------------------------------------+-------------------------
Reporter: liberat | Owner: (none)
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.4.3.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.4.1.6
Severity: Normal | Resolution:
Keywords: tor-client, tor-exit, ipv6, | Actual Points: 0.1
BugSmashFund, check-backport |
Parent ID: | Points: 0.5
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by teor):
* status: new => needs_revision
* keywords: => tor-client, tor-exit, ipv6, BugSmashFund, check-backport
* points: => 0.5
* actualpoints: => 0.1
Comment:
Replying to [comment:1 liberat]:
> One straightforward way to fix this would be to parse the address using
tor_addr_parse and then convert back to a string using tor_addr_to_str:
> {{{
> --- a/src/core/or/connection_edge.c
> +++ b/src/core/or/connection_edge.c
> @@ -1631,6 +1631,12 @@
connection_ap_handshake_rewrite(entry_connection_t *conn,
> conn->original_dest_address =
tor_strdup(conn->socks_request->address);
> }
>
> + /* If the address is an IPv6 literal, either with or without
brackets,
> + * convert it into its canonical form and wrap it in brackets. */
> + if (tor_addr_parse(&addr_tmp, socks->address) >= 0) {
> + tor_addr_to_str(socks->address, &addr_tmp, sizeof(socks->address),
1);
> + }
> +
> /* First, apply MapAddress and MAPADDRESS mappings. We need to do
> * these only for non-reverse lookups, since they don't exist for
those.
> * We also need to do this before we consider automapping, since we
might
> }}}
> This also has the effect of transforming the address into "canonical"
form. This seems like a good idea anyway, as it reduces possibilities for
application fingerprinting by exit nodes.
I prefer this fix, because it canonicalises all addresses.
> However, this also impacts the behavior of "MapAddress". Currently, if
your torrc contains:
> {{{
> MapAddress fc00::0001 www.torproject.org
> }}}
> then a client that tries to connect to "fc00::0001" will reach
www.torproject.org, but a client that tries to connect to "[fc00::1]" will
''not''. So it would probably be wise to also "canonicalize" addresses
used in MapAddress.
Yes, we'll also need a fix for MapAddress.
And we'll need tests that use the client code to encode addresses, and the
exit code to parse it. Let's have some cases that succeed regardless of
the patch. And some other cases that fail without the patch, but succeed
with it.
Finally, we'll need to work out when this bug was introduced, so we know
whether to backport to 0.2.9, 0.3.5, or 0.4.0 and later.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32314#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list