circuit_handle_first_hop doesn't respect ExtendAllowPrivateAddresses
Reported by: teor | Owned by:
Priority: Very High | Milestone: Tor: 0.2.8.x-final
Severity: Major | Keywords: tor-hs, 027-backport, 026-backport, security, tor-dos, 2016-bug-retrospective
circuit_extend checks ExtendAllowPrivateAddresses, but by then it's too late: we've already connected in circuit_handle_first_hop.
This seems to be a DoS risk.
onionskin_answer handles local connections as a special case using channel_is_local, so we might actually be making some that serve some useful purpose. (What is that purpose?)
Do we really need to allow connections to our own address from ourselves?
It might be a good idea to refuse to build circuits to ourselves in circuit_handle_first_hop if ExtendAllowPrivateAddresses is 0, and then see what falls over. Unfortunately, this can't be tested using chutney.
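The ordering problem the ticket describes (the private-address check runs only after the first-hop connection has already been opened) is illustrated below with an added example. This is not Tor's code: `ipv4_is_internal`, `first_hop_allowed` and `open_first_hop` are hypothetical helpers, and `extend_allow_private` stands in for the ExtendAllowPrivateAddresses option. The point is that the decision is taken before any connect attempt is counted, so a refused private first hop never consumes a connection.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/* Hypothetical helper (not Tor's tor_addr_is_internal): returns 1 if the IPv4
 * address, given in host byte order, lies in a loopback, RFC 1918, link-local
 * or unspecified range, 0 otherwise. */
int ipv4_is_internal(uint32_t a) {
    if ((a >> 24) == 127)    return 1;   /* 127.0.0.0/8  loopback        */
    if ((a >> 24) == 10)     return 1;   /* 10.0.0.0/8   RFC 1918        */
    if ((a >> 20) == 0xAC1)  return 1;   /* 172.16.0.0/12 RFC 1918       */
    if ((a >> 16) == 0xC0A8) return 1;   /* 192.168.0.0/16 RFC 1918      */
    if ((a >> 16) == 0xA9FE) return 1;   /* 169.254.0.0/16 link-local    */
    if ((a >> 24) == 0)      return 1;   /* 0.0.0.0/8    unspecified     */
    return 0;
}

/* Hypothetical policy check that runs BEFORE any connection is made.
 * extend_allow_private models ExtendAllowPrivateAddresses (0 or 1).
 * Returns 1 if the first hop may be contacted, 0 if it must be refused. */
int first_hop_allowed(const char *ip_str, int extend_allow_private) {
    struct in_addr in;
    if (inet_pton(AF_INET, ip_str, &in) != 1)
        return 0;                        /* unparseable address: refuse */
    uint32_t host = ntohl(in.s_addr);
    if (ipv4_is_internal(host) && !extend_allow_private)
        return 0;
    return 1;
}

/* Simulated first-hop connection (hypothetical). *connect_attempts counts
 * how many times a real connect() would have been issued; a refused address
 * must leave it unchanged, which is exactly what the ticket asks for. */
int open_first_hop(const char *ip_str, int extend_allow_private,
                   int *connect_attempts) {
    if (!first_hop_allowed(ip_str, extend_allow_private))
        return 0;                        /* refused: no connection opened */
    (*connect_attempts)++;               /* stand-in for the actual connect() */
    return 1;
}

int main(void) {
    /* Constructed sample inputs, not taken from any real network. */
    const char *hops[] = { "127.0.0.1", "192.168.1.5", "203.0.113.7" };
    int attempts = 0;
    for (int i = 0; i < 3; i++) {
        int ok = open_first_hop(hops[i], 0, &attempts);
        printf("%-13s -> %s\n", hops[i], ok ? "connect" : "refused");
    }
    printf("connections opened: %d\n", attempts);   /* 1 */
    return 0;
}
```

With the option left at 0 only the public address produces a connection attempt; setting `extend_allow_private` to 1 lets all three through, which is the behaviour a chutney-style test network relies on.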
Change History (13)
comment:6 (in reply to comment 4; follow-up: comment 7) Changed 17 months ago by dgoulet
- Status changed from needs_review to needs_information
comment:11 Changed 17 months ago by teor
- Resolution set to fixed
- Status changed from needs_review to closed