Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#6211 closed defect (fixed)

AllowDotExit 1 breaks in 0.2.3.17-beta

Reported by: cypherpunks
Owned by:
Priority: High
Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.3.17-beta
Severity:
Keywords: regression tor-client
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I'm running 0.2.3.17-beta on Ubuntu 12.04 and I have AllowDotExit 1 in /etc/tor/torrc. .exit notation no longer works. This is relatively easy to reproduce:

# This works
$ curl --socks4a 127.0.0.1:9050 http://www.torproject.org/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
...

# The first .exit attempt sometimes works:
$ curl --socks4a 127.0.0.1:9050 http://www.torproject.org.chomsky.exit/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

# Later attempts fail
$ curl --socks4a 127.0.0.1:9050 http://www.torproject.org.chomsky.exit/
curl: (7) Can't complete SOCKS4 connection to 0.0.0.0:119. (91), request rejected or failed.

The following is in the Tor logs:

Jun 19 23:10:07.000 [warn] connection_ap_handshake_rewrite_and_attach(): Bug: Address '[scrubbed].exit', with impossible source for the .exit part. Refusing.

Change History (6)

comment:1 Changed 7 years ago by nickm

Keywords: regression added
Milestone: Tor: 0.2.3.x-final
Priority: normal → major

Ah, that looks simple enough. It looks like my fix for #3940 broke the case where we find a .exit address when doing a DNS lookup. Trying a quick fix.

comment:2 Changed 7 years ago by nickm

(FWIW, in case that curl stuff wasn't just a demo: you should probably avoid using AllowDotExit with web: It allows a single hostile exit node or website to pick which exit nodes you use for future HTTP connections.)
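
A client-side check for the exposure described in comment:2, as an added example that is not code from this ticket or from Tor. It reads a torrc for an effective `AllowDotExit 1` and lists which SOCKS hostnames would pin an exit relay. The function names and sample data are constructed for illustration, and it assumes a torrc without line continuations or included files.

```python
# Constructed sample torrc; Tor option names are case-insensitive, '#' starts a comment.
SAMPLE_TORRC = """\
SocksPort 9050
# AllowDotExit 0
allowdotexit 1   # enabled for testing
"""

# Constructed hostnames, as an application would hand them to the SOCKS port.
SAMPLE_HOSTS = [
    "www.torproject.org",
    "www.torproject.org.chomsky.exit",
    "CHOMSKY.EXIT.",
    "exit.example.com",
]


def allow_dot_exit_enabled(torrc_text):
    """Return True if the torrc turns AllowDotExit on (unset means 0; last value wins)."""
    enabled = False
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "allowdotexit":
            enabled = parts[1].strip() == "1"
    return enabled


def split_dot_exit(hostname):
    """Return (target, exit_nickname) for 'target.nickname.exit', else None."""
    labels = hostname.rstrip(".").lower().split(".")
    if len(labels) < 2 or labels[-1] != "exit" or not labels[-2]:
        return None
    return ".".join(labels[:-2]), labels[-2]


def audit(torrc_text, hostnames):
    """Return (hostname, target, nickname) for each request that would pin an exit."""
    if not allow_dot_exit_enabled(torrc_text):
        return []  # AllowDotExit 0: application-supplied .exit names are not honoured
    parsed = ((h, split_dot_exit(h)) for h in hostnames)
    return [(h, p[0], p[1]) for h, p in parsed if p]


if __name__ == "__main__":
    for host, target, nick in audit(SAMPLE_TORRC, SAMPLE_HOSTS):
        print(f"{host}: target={target or '(the relay itself)'} exit={nick}")
```
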

comment:3 Changed 7 years ago by nickm

Status: new → needs_review

Oh hey. addr_orig in the function addressmap_rewrite didn't mean what I thought. Please try out branch "bug6211" in my public repository?

comment:4 Changed 7 years ago by nickm

Resolution: fixed
Status: needs_review → closed

Still looks good to me, tests out okay, and I don't see any followups from the cypherpunks user who reported this issue. Merging it.

comment:5 Changed 7 years ago by nickm

Keywords: tor-client added

comment:6 Changed 7 years ago by nickm

Component: Tor Client → Tor