author | David Goulet <dgoulet@torproject.org> | 2021-11-02 09:34:03 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2021-11-03 09:51:46 -0400 |
commit | 6e8e1a4e6ff249afd32e7851989ba3d79df9d5b2 (patch) | |
tree | 92e0c56b0db8d61b70b198ca4ed66693ce38742b | |
parent | 77f5bfa60e0030d6c26eb01ea5fb1a04e0b2d6bb (diff) | |
relay: Don't allow DirPort on non-IPv4
Our code doesn't allow it and so this prevents an assert() crash if the
DirPort is for instance IPv6 only.
Fixes #40494
Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r-- | changes/ticket40494 | 5 | ||||
-rw-r--r-- | doc/man/tor.1.txt | 3 | ||||
-rw-r--r-- | src/feature/relay/relay_config.c | 13 |
3 files changed, 19 insertions, 2 deletions
diff --git a/changes/ticket40494 b/changes/ticket40494 new file mode 100644 index 0000000000..a0e6c38443 --- /dev/null +++ b/changes/ticket40494 @@ -0,0 +1,5 @@ + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces DirPorts to + be IPv4, but our configuration parser allowed them to be IPv6-only, + which led to an assertion failure. Fixes bug 40494; bugfix on + 0.4.5.1-alpha. diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt index 209900832f..7c0071500e 100644 --- a/doc/man/tor.1.txt +++ b/doc/man/tor.1.txt @@ -2803,7 +2803,8 @@ details.) more than once, but only one advertised DirPort is supported: all but one DirPort must have the **NoAdvertise** flag set. (Default: 0) + + - The same flags are supported here as are supported by ORPort. + The same flags are supported here as are supported by ORPort. This port can + only be IPv4. [[DirPortFrontPage]] **DirPortFrontPage** __FILENAME__:: When this option is set, it takes an HTML file and publishes it as "/" on diff --git a/src/feature/relay/relay_config.c b/src/feature/relay/relay_config.c index c4a5d7f572..8ea0ad8397 100644 --- a/src/feature/relay/relay_config.c +++ b/src/feature/relay/relay_config.c @@ -352,6 +352,7 @@ check_and_prune_server_ports(smartlist_t *ports, int n_orport_listeners = 0; int n_dirport_advertised = 0; int n_dirport_listeners = 0; + int n_dirport_listeners_v4 = 0; int n_low_port = 0; int r = 0; @@ -362,8 +363,12 @@ check_and_prune_server_ports(smartlist_t *ports, if (port->type == CONN_TYPE_DIR_LISTENER) { if (! port->server_cfg.no_advertise) ++n_dirport_advertised; - if (! port->server_cfg.no_listen) + if (! port->server_cfg.no_listen) { ++n_dirport_listeners; + if (port_binds_ipv4(port)) { + ++n_dirport_listeners_v4; + } + } } else if (port->type == CONN_TYPE_OR_LISTENER) { if (! port->server_cfg.no_advertise) { ++n_orport_advertised; 
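Review bot: In the `-362` hunk `n_dirport_listeners_v4` counts every listening DirPort that binds IPv4, so the check added in the `-408` hunk only rejects a configuration with no IPv4 DirPort listener at all; an IPv6 DirPort configured next to an IPv4 one is still accepted. The man page text added in this commit says the port "can only be IPv4", which is stricter than what the code enforces. If the stricter reading is intended, count the offenders instead, `if (! port_binds_ipv4(port)) ++n_dirport_listeners_non_v4;`, and fail when that counter is non-zero; otherwise a comment such as `/* A non-IPv4 DirPort is tolerated as long as one IPv4 DirPort listener exists. */` would record the intent. Whether the mixed configuration can still reach the assertion named in the commit message cannot be judged from these hunks, and the function body starts and ends outside them.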
@@ -408,6 +413,12 @@ check_and_prune_server_ports(smartlist_t *ports, "address. Tor needs to listen on an IPv4 address too."); r = -1; } + if (n_dirport_advertised && n_dirport_listeners_v4 == 0) { + log_warn(LD_CONFIG, "We are listening on a non-IPv4 DirPort. This is not " + "allowed. Consider either setting an IPv4 address or " + "simply removing it because it is not used anymore."); + r = -1; + } if (n_low_port && options->AccountingMax && (!have_capability_support() || options->KeepBindCapabilities == 0)) { |
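Review bot: The new condition `n_dirport_advertised && n_dirport_listeners_v4 == 0` is also true when an advertised DirPort has no listener at all (every DirPort entry has `no_listen` set), and in that case the warning "We are listening on a non-IPv4 DirPort" describes something that is not happening. If a check outside this hunk already rejects advertising without listening, the operator gets two warnings and the second one is misleading; that earlier check is not visible here. Adding the listener count to the guard keeps the message accurate: `if (n_dirport_advertised && n_dirport_listeners && n_dirport_listeners_v4 == 0) {`. The enclosing function starts and ends outside the hunk.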