Opened 2 months ago

Last modified 2 months ago

#24546 new defect

Use tor_addr_is_v4() rather than family, or reject all v6-mapped IPv4 addresses

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-dirauth, ipv6
Cc: Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor: SponsorV-can

Description

In Tor, we try to support v6-mapped IPv4 addresses.
We should either:

  • reject them unconditionally, or
  • audit all uses of tor_addr_t.family to see if we should be calling tor_addr_is_v4() instead, and add a comment to the struct that says we should consider using tor_addr_is_v4() rather than comparing family.

If no relay in the consensus is currently using these addresses, then maybe we should just call them internal on authorities, relays, and clients, and remove all the code that tries to deal with them.

Discovered as part of #15518.

Child Tickets

Change History (1)

comment:1 Changed 2 months ago by teor

We should also audit all uses of tor_addr_compare(a1, a2, CMP_EXACT) to see if they should be CMP_SEMANTIC instead.

The current uses of CMP_SEMANTIC seem reasonable, but not essential: they code would still work if we rejected mapped addresses and did exact comparisons instead.

Note: See TracTickets for help on using tickets.