diff options
author | Nick Mathewson <nickm@torproject.org> | 2012-08-27 16:15:01 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-08-27 16:15:01 -0400 |
commit | bffe0d3ccc6b49975eae9173b0c1c465d40d2dbf (patch) | |
tree | aff69c3b873c1a071ed09ee7494dea909b577e59 | |
parent | 443e4ae1ee0520cead27dd3a21e9f79b1bed8f8b (diff) | |
parent | 45b520b6a4872a5c52b934df9c345e04536568b1 (diff) | |
download | tor-bffe0d3ccc6b49975eae9173b0c1c465d40d2dbf.tar.gz tor-bffe0d3ccc6b49975eae9173b0c1c465d40d2dbf.zip |
Merge branch 'bug6710_023' into maint-0.2.3
-rw-r--r-- | changes/bug6710 | 6 | ||||
-rw-r--r-- | doc/tor.1.txt | 6 | ||||
-rw-r--r-- | src/or/circuitbuild.c | 7 | ||||
-rw-r--r-- | src/or/config.c | 2 | ||||
-rw-r--r-- | src/or/or.h | 4 |
5 files changed, 24 insertions, 1 deletions
diff --git a/changes/bug6710 b/changes/bug6710 new file mode 100644 index 0000000000..2c89346114 --- /dev/null +++ b/changes/bug6710 @@ -0,0 +1,6 @@ + o Major bugfixes (security): + - Reject any attempt to extend to an internal address. Without + this fix, a router could be used to probe addresses on an + internal network to see whether they were accepting + connections. Fix for bug 6710; bugfix on 0.0.8pre1. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index e7ba8485c0..7e0751b2b2 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1470,6 +1470,11 @@ is non-zero): its extra-info documents that it uploads to the directory authorities. (Default: 1) +**ExtendAllowPrivateAddresses** **0**|**1**:: + When this option is enabled, Tor routers allow EXTEND request to + localhost, RFC1918 addresses, and so on. This can create security issues; + you should probably leave it off. (Default: 0) + DIRECTORY SERVER OPTIONS ------------------------ @@ -1795,6 +1800,7 @@ The following options are used for running a testing Tor network. ClientRejectInternalAddresses 0 CountPrivateBandwidth 1 ExitPolicyRejectPrivate 0 + ExtendAllowPrivateAddresses 1 V3AuthVotingInterval 5 minutes V3AuthVoteDelay 20 seconds V3AuthDistDelay 20 seconds diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 39a223b2f4..f11bebf7c9 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2432,6 +2432,13 @@ circuit_extend(cell_t *cell, circuit_t *circ) return -1; } + if (tor_addr_is_internal(&n_addr, 0) && + !get_options()->ExtendAllowPrivateAddresses) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Client asked me to extend to a private address"); + return -1; + } + /* Check if they asked us for 0000..0000. We support using * an empty fingerprint for the first hop (e.g. for a bridge relay), * but we don't want to let people send us extend cells for empty diff --git a/src/or/config.c b/src/or/config.c index 3970808fb3..d5e80cc832 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -276,6 +276,7 @@ static config_var_t _option_vars[] = { V(ExitPolicy, LINELIST, NULL), V(ExitPolicyRejectPrivate, BOOL, "1"), V(ExitPortStatistics, BOOL, "0"), + V(ExtendAllowPrivateAddresses, BOOL, "0"), V(ExtraInfoStatistics, BOOL, "1"), #if defined (WINCE) @@ -473,6 +474,7 @@ static const config_var_t testing_tor_network_defaults[] = { V(ClientRejectInternalAddresses, BOOL, "0"), V(CountPrivateBandwidth, BOOL, "1"), V(ExitPolicyRejectPrivate, BOOL, "0"), + V(ExtendAllowPrivateAddresses, BOOL, "1"), V(V3AuthVotingInterval, INTERVAL, "5 minutes"), V(V3AuthVoteDelay, INTERVAL, "20 seconds"), V(V3AuthDistDelay, INTERVAL, "20 seconds"), diff --git a/src/or/or.h b/src/or/or.h index 908daa61c0..9074083a04 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3029,8 +3029,10 @@ typedef struct { config_line_t *RecommendedVersions; config_line_t *RecommendedClientVersions; config_line_t *RecommendedServerVersions; - /** Whether dirservers refuse router descriptors with private IPs. */ + /** Whether dirservers allow router descriptors with private IPs. */ int DirAllowPrivateAddresses; + /** Whether routers accept EXTEND cells to routers with private IPs. */ + int ExtendAllowPrivateAddresses; char *User; /**< Name of user to run Tor as. */ char *Group; /**< Name of group to run Tor as. */ config_line_t *ORPort_lines; /**< Ports to listen on for OR connections. */ |