Opened 6 years ago

Closed 6 years ago

#11358 closed defect (duplicate)

Tor should consider more addresses as invalid

Reported by: yawning
Priority: Low
Component: Core Tor/Tor
Version: Tor: unspecified

Description

There are a few more address blocks that should never appear on the public internet that do not appear to be checked for when processing the exit policy (they belong in private_nets) or in tor_addr_is_internal().

From RFC 5735:

  • 192.0.2.0/24 TEST-NET-1
  • 198.51.100.0/24 TEST-NET-2
  • 203.0.113.0/24 TEST-NET-3
  • 198.18.0.0/15 Network Interconnect Device Benchmark Testing

From RFC 5156:

  • 2001:db8::/32 Documentation Prefix
  • 2001:10::/28 ORCHID

Traffic containing these addresses has no business being on the public internet, so the code should be updated to check for them and reject them where appropriate. Since tor_addr_is_internal() is used for things other than rejection, this probably should be done as a separate function that is checked when the code means "Reject things that should not be used" (most of the code) vs "Explicitly need a local address" (warn_nonlocal_client_ports() for example).

Change History (2)

comment:1 Changed 6 years ago by rransom

Yet Another Bloody Duplicate of #7971 and #5166.

comment:2 Changed 6 years ago by yawning

Resolution: duplicate
Status: new → closed

So it is, no reason to keep this around since it is entirely covered by both of those.
