Opened 10 years ago

Last modified 2 years ago

#1181 new defect (None)

evdns_server_request_format_response() sets TC flag wrong

Reported by: arma Owned by:
Priority: Low Milestone: Tor: unspecified
Component: Core Tor/Tor Version: 0.2.1.20
Severity: Normal Keywords: dns tor-relay prop219
Cc: arma, nickm, Sebastian Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by nickm)

kenobi> evdns_server_request_format_response() with dnsname_to_labels()
wrongly implements part of rfc1035 about logic for sets of TC bit.
kenobi> " Messages carried by UDP are restricted to 512 bytes (not counting
the IP or UDP headers). Longer messages are truncated and the TC bit is set
in the header"
kenobi> TC bits should be sets only if lenght of all message via UDP was more
than 512 bytes. Not alone lables or names.
kenobi> for now TC bit sets for wrongly lengthed labels, which stricly limits
for 63, but those means transmited error not signaling truncate bit.

do you have a patch? :)

kenobi> I do not have patch, because it's should be designed for future tcp
transport too, so it's slightly hard for patch by one line.

(does this affect anything in practice, or is it just a theoretical

correctness issue?)
kenobi> It's can be exploit via exotic attack, if reverse lookup was
controled by attacker and exit relay was too. And resolv.conf contained ISP's
DNS.

what would the attack achieve, in that case?

kenobi> ip address of ISP's DNS

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (5)

comment:1 Changed 10 years ago by arma

kenobi> possible some examples for fixes of it via netfilter or flushing of
resolv.conf. I recall TorVM drops dns via tcp as example.

comment:2 Changed 9 years ago by nickm

Description: modified (diff)
Keywords: dns added
Milestone: Tor: unspecified

DNS bug. This should get done as part of any future dns revamp.

comment:3 Changed 7 years ago by nickm

Keywords: tor-relay added

comment:4 Changed 7 years ago by nickm

Component: Tor RelayTor

comment:5 Changed 2 years ago by nickm

Cc: arma,nickm,Sebastianarma, nickm, Sebastian
Keywords: prop219 added
Severity: Normal
Note: See TracTickets for help on using tickets.