Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#6211 closed defect (fixed)

AllowDotExit 1 breaks in

Reported by: cypherpunks Owned by:
Priority: High Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Keywords: regression tor-client
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I'm running on Ubuntu 12.04 and I have AllowDotExit 1 in /etc/tor/torrc. .exit notation no longer works. This is relatively easy to reproduce:

# This works
$ curl --socks4a

# The first .exit attempt sometimes works:
$ curl --socks4a                                             

# Later attempts fail
$ curl --socks4a
curl: (7) Can't complete SOCKS4 connection to (91), request rejected or failed.

The following is in the Tor logs:

Jun 19 23:10:07.000 [warn] connection_ap_handshake_rewrite_and_attach(): Bug: Address '[scrubbed].exit', with impossible source for the .exit part. Refusing.

Child Tickets

Change History (6)

comment:1 Changed 8 years ago by nickm

Keywords: regression added
Milestone: Tor: 0.2.3.x-final
Priority: normalmajor

Ah, that looks simple enough. It looks like my fix for #3940 broke the case where we find a .exit address when doing a DNS lookup. Trying a quick fix.

comment:2 Changed 8 years ago by nickm

(FWIW, in case that curl stuff wasn't just a demo: you should probably avoid using AllowDotExit with web: It allows a single hostile exit node or website to pick which exit nodes you use for future HTTP connections.)

comment:3 Changed 8 years ago by nickm

Status: newneeds_review

Oh hey. addr_orig in the function addressmap_rewrite didn't mean what I thought. Please try out branch "bug6211" in my public repository?

comment:4 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Still looks good to me, tests out okay, and I don't see any followups from the cypherpunks user who reported this issue. merging it.

comment:5 Changed 8 years ago by nickm

Keywords: tor-client added

comment:6 Changed 8 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.