Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing whitelist

If we did not find a non-private IPaddress by iterating over interfaces, we would try to get one via get_interface_address6_via_udp_socket_hack(). This opens a datagram socket with IPPROTO_UDP. Previously all our datagram sockets (via libevent) used IPPROTO_IP, so we did not have that in the sandboxing whitelist. Add (SOCK_DGRAM, IPPROTO_UDP) sockets to the sandboxing whitelist. Fixes bug 19660.
author: Peter Palfrader <peter@palfrader.org> 2016-07-11 09:37:01 +0200
committer: Peter Palfrader <peter@palfrader.org> 2016-07-11 09:37:01 +0200
commit: 36b06be73862d6f3206d0e2a6fe17af06f8b7c88 (patch)
tree: f5000273d52e31ea1d4f4d0077a4be2de1df958a /changes
parent: a931d157fd5454f679614e0a210144552ecabadf (diff)
download: tor-36b06be73862d6f3206d0e2a6fe17af06f8b7c88.tar.gz
tor-36b06be73862d6f3206d0e2a6fe17af06f8b7c88.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/bug19660 b/changes/bug19660
new file mode 100644
index 0000000000..72d32c8fe2
--- /dev/null
+++ b/changes/bug19660
@@ -0,0 +1,8 @@
+  o Minor bugfixes (sandboxing):
+    - If we did not find a non-private IPaddress by iterating over
+      interfaces, we would try to get one via
+      get_interface_address6_via_udp_socket_hack().  This opens a
+      datagram socket with IPPROTO_UDP.  Previously all our datagram
+      sockets (via libevent) used IPPROTO_IP, so we did not have that
+      in the sandboxing whitelist.  Add (SOCK_DGRAM, IPPROTO_UDP)
+      sockets to the sandboxing whitelist.  Fixes bug 19660.
author	Peter Palfrader <peter@palfrader.org>	2016-07-11 09:37:01 +0200
committer	Peter Palfrader <peter@palfrader.org>	2016-07-11 09:37:01 +0200
commit	36b06be73862d6f3206d0e2a6fe17af06f8b7c88 (patch)
tree	f5000273d52e31ea1d4f4d0077a4be2de1df958a /changes
parent	a931d157fd5454f679614e0a210144552ecabadf (diff)
download	tor-36b06be73862d6f3206d0e2a6fe17af06f8b7c88.tar.gz tor-36b06be73862d6f3206d0e2a6fe17af06f8b7c88.zip