aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-08-27 16:15:01 -0400
committerNick Mathewson <nickm@torproject.org>2012-08-27 16:15:01 -0400
commitbffe0d3ccc6b49975eae9173b0c1c465d40d2dbf (patch)
treeaff69c3b873c1a071ed09ee7494dea909b577e59
parent443e4ae1ee0520cead27dd3a21e9f79b1bed8f8b (diff)
parent45b520b6a4872a5c52b934df9c345e04536568b1 (diff)
downloadtor-bffe0d3ccc6b49975eae9173b0c1c465d40d2dbf.tar.gz
tor-bffe0d3ccc6b49975eae9173b0c1c465d40d2dbf.zip
Merge branch 'bug6710_023' into maint-0.2.3
-rw-r--r--changes/bug67106
-rw-r--r--doc/tor.1.txt6
-rw-r--r--src/or/circuitbuild.c7
-rw-r--r--src/or/config.c2
-rw-r--r--src/or/or.h4
5 files changed, 24 insertions, 1 deletions
diff --git a/changes/bug6710 b/changes/bug6710
new file mode 100644
index 0000000000..2c89346114
--- /dev/null
+++ b/changes/bug6710
@@ -0,0 +1,6 @@
+ o Major bugfixes (security):
+ - Reject any attempt to extend to an internal address. Without
+ this fix, a router could be used to probe addresses on an
+ internal network to see whether they were accepting
+ connections. Fix for bug 6710; bugfix on 0.0.8pre1.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index e7ba8485c0..7e0751b2b2 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1470,6 +1470,11 @@ is non-zero):
its extra-info documents that it uploads to the directory authorities.
(Default: 1)
+**ExtendAllowPrivateAddresses** **0**|**1**::
+ When this option is enabled, Tor routers allow EXTEND request to
+ localhost, RFC1918 addresses, and so on. This can create security issues;
+ you should probably leave it off. (Default: 0)
+
DIRECTORY SERVER OPTIONS
------------------------
@@ -1795,6 +1800,7 @@ The following options are used for running a testing Tor network.
ClientRejectInternalAddresses 0
CountPrivateBandwidth 1
ExitPolicyRejectPrivate 0
+ ExtendAllowPrivateAddresses 1
V3AuthVotingInterval 5 minutes
V3AuthVoteDelay 20 seconds
V3AuthDistDelay 20 seconds
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 39a223b2f4..f11bebf7c9 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2432,6 +2432,13 @@ circuit_extend(cell_t *cell, circuit_t *circ)
return -1;
}
+ if (tor_addr_is_internal(&n_addr, 0) &&
+ !get_options()->ExtendAllowPrivateAddresses) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Client asked me to extend to a private address");
+ return -1;
+ }
+
/* Check if they asked us for 0000..0000. We support using
* an empty fingerprint for the first hop (e.g. for a bridge relay),
* but we don't want to let people send us extend cells for empty
diff --git a/src/or/config.c b/src/or/config.c
index 3970808fb3..d5e80cc832 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -276,6 +276,7 @@ static config_var_t _option_vars[] = {
V(ExitPolicy, LINELIST, NULL),
V(ExitPolicyRejectPrivate, BOOL, "1"),
V(ExitPortStatistics, BOOL, "0"),
+ V(ExtendAllowPrivateAddresses, BOOL, "0"),
V(ExtraInfoStatistics, BOOL, "1"),
#if defined (WINCE)
@@ -473,6 +474,7 @@ static const config_var_t testing_tor_network_defaults[] = {
V(ClientRejectInternalAddresses, BOOL, "0"),
V(CountPrivateBandwidth, BOOL, "1"),
V(ExitPolicyRejectPrivate, BOOL, "0"),
+ V(ExtendAllowPrivateAddresses, BOOL, "1"),
V(V3AuthVotingInterval, INTERVAL, "5 minutes"),
V(V3AuthVoteDelay, INTERVAL, "20 seconds"),
V(V3AuthDistDelay, INTERVAL, "20 seconds"),
diff --git a/src/or/or.h b/src/or/or.h
index 908daa61c0..9074083a04 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3029,8 +3029,10 @@ typedef struct {
config_line_t *RecommendedVersions;
config_line_t *RecommendedClientVersions;
config_line_t *RecommendedServerVersions;
- /** Whether dirservers refuse router descriptors with private IPs. */
+ /** Whether dirservers allow router descriptors with private IPs. */
int DirAllowPrivateAddresses;
+ /** Whether routers accept EXTEND cells to routers with private IPs. */
+ int ExtendAllowPrivateAddresses;
char *User; /**< Name of user to run Tor as. */
char *Group; /**< Name of group to run Tor as. */
config_line_t *ORPort_lines; /**< Ports to listen on for OR connections. */