aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGeorge Kadianakis <desnacked@riseup.net>2019-08-27 11:47:46 +0300
committerGeorge Kadianakis <desnacked@riseup.net>2019-08-27 11:47:46 +0300
commit78e084a12e55cf7f26f8663dfe738c2a49468e86 (patch)
tree994d5b5262894adaa31f832d8ff6617ad9948602
parent761a0ec3d1d3b79f5476789621d1f9c9efd07051 (diff)
parent8af92b6577595181eddc1dea25cf44d20bedb8a0 (diff)
downloadtor-78e084a12e55cf7f26f8663dfe738c2a49468e86.tar.gz
tor-78e084a12e55cf7f26f8663dfe738c2a49468e86.zip
Merge branch 'tor-github/pr/1267'
-rw-r--r--changes/bug310885
-rw-r--r--src/feature/dirauth/process_descs.c16
-rw-r--r--src/feature/dirauth/process_descs.h4
-rw-r--r--src/test/test_address.c36
4 files changed, 58 insertions, 3 deletions
diff --git a/changes/bug31088 b/changes/bug31088
new file mode 100644
index 0000000000..c258d1bada
--- /dev/null
+++ b/changes/bug31088
@@ -0,0 +1,5 @@
+ o Minor bugfixes (ipv6):
+ - We check for private IPv6 address alongside their IPv4 equivalents when
+ authorities check descriptors. Previously, we only checked for private
+ IPv4 addresses. Fixes bug 31088; bugfix on 0.2.3.21-rc. Patch by Neel
+ Chauhan.
diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c
index a68d155651..e1a02179b0 100644
--- a/src/feature/dirauth/process_descs.c
+++ b/src/feature/dirauth/process_descs.c
@@ -428,7 +428,7 @@ dirserv_free_fingerprint_list(void)
/** Return -1 if <b>ri</b> has a private or otherwise bad address,
* unless we're configured to not care. Return 0 if all ok. */
-static int
+STATIC int
dirserv_router_has_valid_address(routerinfo_t *ri)
{
tor_addr_t addr;
@@ -436,12 +436,22 @@ dirserv_router_has_valid_address(routerinfo_t *ri)
return 0; /* whatever it is, we're fine with it */
tor_addr_from_ipv4h(&addr, ri->addr);
- if (tor_addr_is_internal(&addr, 0)) {
+ if (tor_addr_is_internal(&addr, 0) || tor_addr_is_null(&addr)) {
+ log_info(LD_DIRSERV,
+ "Router %s published internal IPv4 address. Refusing.",
+ router_describe(ri));
+ return -1; /* it's a private IP, we should reject it */
+ }
+ /* We only check internal v6 on non-null addresses because we do not require
+ * IPv6 and null IPv6 is normal. */
+ if (tor_addr_is_internal(&ri->ipv6_addr, 0) &&
+ !tor_addr_is_null(&ri->ipv6_addr)) {
log_info(LD_DIRSERV,
- "Router %s published internal IP address. Refusing.",
+ "Router %s published internal IPv6 address. Refusing.",
router_describe(ri));
return -1; /* it's a private IP, we should reject it */
}
+
return 0;
}
diff --git a/src/feature/dirauth/process_descs.h b/src/feature/dirauth/process_descs.h
index 001c866eba..1d4085b091 100644
--- a/src/feature/dirauth/process_descs.h
+++ b/src/feature/dirauth/process_descs.h
@@ -36,4 +36,8 @@ void dirserv_set_node_flags_from_authoritative_status(node_t *node,
int dirserv_would_reject_router(const routerstatus_t *rs);
+#ifdef TOR_UNIT_TESTS
+STATIC int dirserv_router_has_valid_address(routerinfo_t *ri);
+#endif /* defined(TOR_UNIT_TESTS) */
+
#endif /* !defined(TOR_RECV_UPLOADS_H) */
diff --git a/src/test/test_address.c b/src/test/test_address.c
index bf9ca047dc..ef6daa06b4 100644
--- a/src/test/test_address.c
+++ b/src/test/test_address.c
@@ -24,6 +24,7 @@
#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */
#include "core/or/or.h"
+#include "feature/dirauth/process_descs.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/nodelist.h"
@@ -1244,6 +1245,40 @@ test_address_tor_node_in_same_network_family(void *ignored)
helper_free_mock_node(node_b);
}
+#define CHECK_RI_ADDR(addr_str, rv) STMT_BEGIN \
+ ri = tor_malloc_zero(sizeof(routerinfo_t)); \
+ tor_addr_t addr; \
+ tor_addr_parse(&addr, (addr_str)); \
+ ri->addr = tor_addr_to_ipv4h(&addr); \
+ tor_addr_make_null(&ri->ipv6_addr, AF_INET6); \
+ tt_int_op(dirserv_router_has_valid_address(ri), OP_EQ, (rv)); \
+ tor_free(ri); \
+ STMT_END
+
+/* XXX: Here, we use a non-internal IPv4 as dirserv_router_has_valid_address()
+ * will check internal/null IPv4 first. */
+#define CHECK_RI_ADDR6(addr_str, rv) STMT_BEGIN \
+ ri = tor_malloc_zero(sizeof(routerinfo_t)); \
+ ri->addr = 16777217; /* 1.0.0.1 */ \
+ tor_addr_parse(&ri->ipv6_addr, (addr_str)); \
+ tt_int_op(dirserv_router_has_valid_address(ri), OP_EQ, (rv)); \
+ tor_free(ri); \
+ STMT_END
+
+static void
+test_address_dirserv_router_addr_private(void *ignored)
+{
+ (void)ignored;
+ /* A stub routerinfo structure, with only its address fields set. */
+ routerinfo_t *ri = NULL;
+ CHECK_RI_ADDR("1.0.0.1", 0);
+ CHECK_RI_ADDR("10.0.0.1", -1);
+ CHECK_RI_ADDR6("2600::1", 0);
+ CHECK_RI_ADDR6("fe80::1", -1);
+ done:
+ tor_free(ri);
+}
+
#define ADDRESS_TEST(name, flags) \
{ #name, test_address_ ## name, flags, NULL, NULL }
@@ -1277,5 +1312,6 @@ struct testcase_t address_tests[] = {
ADDRESS_TEST(tor_addr_eq_ipv4h, 0),
ADDRESS_TEST(tor_addr_in_same_network_family, 0),
ADDRESS_TEST(tor_node_in_same_network_family, 0),
+ ADDRESS_TEST(dirserv_router_addr_private, 0),
END_OF_TESTCASES
};