mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Merge branch 'maint-0.3.2'
This commit is contained in:
Nick Mathewson
commit
9f650b24e9
7
changes/ticket21031
Normal file
7
changes/ticket21031
Normal file
@ -0,0 +1,7 @@
|
||||
o Minor features (removed deprecations):
|
||||
- The ClientDNSRejectInternalAddresses flag can once again be set in
|
||||
non-testing Tor networks, so long as they do not use the default
|
||||
directory authorities.
|
||||
This change also removes the deprecation of this
|
||||
flag in 0.2.9.2-alpha. Closes ticket 21031.
|
||||
|
||||
@ -1440,9 +1440,15 @@ The following options are useful only for clients (that is, if
|
||||
addresses/ports. See SocksPort for an explanation of isolation
|
||||
flags. (Default: 0)
|
||||
|
||||
[[ClientDNSRejectInternalAddresses]] **ClientDNSRejectInternalAddresses** **0**|**1**::
|
||||
If true, Tor does not believe any anonymously retrieved DNS answer that
|
||||
tells it that an address resolves to an internal address (like 127.0.0.1 or
|
||||
192.168.0.1). This option prevents certain browser-based attacks; it
|
||||
is not allowed to be set on the default network. (Default: 1)
|
||||
|
||||
[[ClientRejectInternalAddresses]] **ClientRejectInternalAddresses** **0**|**1**::
|
||||
If true, Tor does not try to fulfill requests to connect to an internal
|
||||
address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is
|
||||
address (like 127.0.0.1 or 192.168.0.1) __unless an exit node is
|
||||
specifically requested__ (for example, via a .exit hostname, or a
|
||||
controller request). If true, multicast DNS hostnames for machines on the
|
||||
local network (of the form *.local) are also rejected. (Default: 1)
|
||||
@ -2606,7 +2612,7 @@ The following options are used for running a testing Tor network.
|
||||
4 (for 40 seconds), 8, 16, 32, 60
|
||||
ClientBootstrapConsensusMaxDownloadTries 80
|
||||
ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80
|
||||
TestingClientDNSRejectInternalAddresses 0
|
||||
ClientDNSRejectInternalAddresses 0
|
||||
ClientRejectInternalAddresses 0
|
||||
CountPrivateBandwidth 1
|
||||
ExitPolicyRejectPrivate 0
|
||||
@ -2817,13 +2823,6 @@ The following options are used for running a testing Tor network.
|
||||
we replace it and issue a new key?
|
||||
(Default: 3 hours for link and auth; 1 day for signing.)
|
||||
|
||||
[[ClientDNSRejectInternalAddresses]] [[TestingClientDNSRejectInternalAddresses]] **TestingClientDNSRejectInternalAddresses** **0**|**1**::
|
||||
If true, Tor does not believe any anonymously retrieved DNS answer that
|
||||
tells it that an address resolves to an internal address (like 127.0.0.1 or
|
||||
192.168.0.1). This option prevents certain browser-based attacks; don't
|
||||
turn it off unless you know what you're doing. (Default: 1)
|
||||
|
||||
|
||||
NON-PERSISTENT OPTIONS
|
||||
----------------------
|
||||
|
||||
|
||||
@ -170,8 +170,6 @@ static config_abbrev_t option_abbrevs_[] = {
|
||||
{ "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
|
||||
{ "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
|
||||
{ "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
|
||||
{ "ClientDNSRejectInternalAddresses",
|
||||
"TestingClientDNSRejectInternalAddresses", 0, 1, },
|
||||
{ NULL, NULL, 0, 0},
|
||||
};
|
||||
|
||||
@ -263,7 +261,7 @@ static config_var_t option_vars_[] = {
|
||||
V(CircuitsAvailableTimeout, INTERVAL, "0"),
|
||||
V(CircuitStreamTimeout, INTERVAL, "0"),
|
||||
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
|
||||
V(TestingClientDNSRejectInternalAddresses, BOOL,"1"),
|
||||
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
|
||||
V(ClientOnly, BOOL, "0"),
|
||||
V(ClientPreferIPv6ORPort, AUTOBOOL, "auto"),
|
||||
V(ClientPreferIPv6DirPort, AUTOBOOL, "auto"),
|
||||
@ -651,7 +649,7 @@ static const config_var_t testing_tor_network_defaults[] = {
|
||||
"0, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
|
||||
V(ClientBootstrapConsensusMaxDownloadTries, UINT, "80"),
|
||||
V(ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries, UINT, "80"),
|
||||
V(TestingClientDNSRejectInternalAddresses, BOOL,"0"),
|
||||
V(ClientDNSRejectInternalAddresses, BOOL,"0"),
|
||||
V(ClientRejectInternalAddresses, BOOL, "0"),
|
||||
V(CountPrivateBandwidth, BOOL, "1"),
|
||||
V(ExitPolicyRejectPrivate, BOOL, "0"),
|
||||
@ -696,7 +694,12 @@ static const config_var_t testing_tor_network_defaults[] = {
|
||||
#undef OBSOLETE
|
||||
|
||||
static const config_deprecation_t option_deprecation_notes_[] = {
|
||||
/* Deprecated since 0.3.2.1-alpha. */
|
||||
/* Deprecated since 0.2.9.2-alpha... */
|
||||
{ "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
|
||||
"a wide variety of application-level attacks." },
|
||||
/* End of options deprecated since 0.2.9.2-alpha. */
|
||||
|
||||
/* Deprecated since 0.3.2.0-alpha. */
|
||||
{ "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
|
||||
"to your directory server, which your Tor probably wasn't using." },
|
||||
{ "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
|
||||
@ -4258,9 +4261,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
CHECK_DEFAULT(TestingSigningKeySlop);
|
||||
CHECK_DEFAULT(TestingAuthKeySlop);
|
||||
CHECK_DEFAULT(TestingLinkKeySlop);
|
||||
CHECK_DEFAULT(TestingClientDNSRejectInternalAddresses);
|
||||
#undef CHECK_DEFAULT
|
||||
|
||||
if (!options->ClientDNSRejectInternalAddresses &&
|
||||
!(options->DirAuthorities ||
|
||||
(options->AlternateDirAuthority && options->AlternateBridgeAuthority)))
|
||||
REJECT("ClientDNSRejectInternalAddresses used for default network.");
|
||||
if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
|
||||
REJECT("SigningKeyLifetime is too short.");
|
||||
if (options->TestingLinkCertLifetime < options->TestingAuthKeySlop*2)
|
||||
|
||||
@ -1344,7 +1344,7 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
|
||||
/* Hang on, did we find an answer saying that this is a reverse lookup for
|
||||
* an internal address? If so, we should reject it if we're configured to
|
||||
* do so. */
|
||||
if (options->TestingClientDNSRejectInternalAddresses) {
|
||||
if (options->ClientDNSRejectInternalAddresses) {
|
||||
/* Don't let clients try to do a reverse lookup on 10.0.0.1. */
|
||||
tor_addr_t addr;
|
||||
int ok;
|
||||
|
||||
@ -4207,7 +4207,7 @@ typedef struct {
|
||||
/** If true, do not believe anybody who tells us that a domain resolves
|
||||
* to an internal address, or that an internal address has a PTR mapping.
|
||||
* Helps avoid some cross-site attacks. */
|
||||
int TestingClientDNSRejectInternalAddresses;
|
||||
int ClientDNSRejectInternalAddresses;
|
||||
|
||||
/** If true, do not accept any requests to connect to internal addresses
|
||||
* over randomly chosen exits. */
|
||||
|
||||
@ -949,7 +949,7 @@ connection_ap_process_end_not_open(
|
||||
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
|
||||
return 0;
|
||||
}
|
||||
if (get_options()->TestingClientDNSRejectInternalAddresses &&
|
||||
if (get_options()->ClientDNSRejectInternalAddresses &&
|
||||
tor_addr_is_internal(&addr, 0)) {
|
||||
log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
|
||||
safe_str(conn->socks_request->address));
|
||||
@ -1366,7 +1366,7 @@ connection_edge_process_resolved_cell(edge_connection_t *conn,
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (get_options()->TestingClientDNSRejectInternalAddresses) {
|
||||
if (get_options()->ClientDNSRejectInternalAddresses) {
|
||||
int orig_len = smartlist_len(resolved_addresses);
|
||||
SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
|
||||
if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
|
||||
@ -1459,7 +1459,7 @@ connection_edge_process_relay_cell_not_open(
|
||||
if (tor_addr_family(&addr) != AF_UNSPEC) {
|
||||
const sa_family_t family = tor_addr_family(&addr);
|
||||
if (tor_addr_is_null(&addr) ||
|
||||
(get_options()->TestingClientDNSRejectInternalAddresses &&
|
||||
(get_options()->ClientDNSRejectInternalAddresses &&
|
||||
tor_addr_is_internal(&addr, 0))) {
|
||||
log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
|
||||
fmt_addr(&addr));
|
||||
|
||||
@ -398,11 +398,12 @@ fixed_get_uname(void)
|
||||
"V3AuthVoteDelay 20\n" \
|
||||
"V3AuthDistDelay 20\n" \
|
||||
"V3AuthNIntervalsValid 3\n" \
|
||||
"ClientUseIPv4 1\n" \
|
||||
"ClientUseIPv4 1\n" \
|
||||
"VirtualAddrNetworkIPv4 127.192.0.0/10\n" \
|
||||
"VirtualAddrNetworkIPv6 [FE80::]/10\n" \
|
||||
"UseEntryGuards 1\n" \
|
||||
"Schedulers Vanilla\n"
|
||||
"Schedulers Vanilla\n" \
|
||||
"ClientDNSRejectInternalAddresses 1\n"
|
||||
|
||||
typedef struct {
|
||||
or_options_t *old_opt;
|
||||
|
||||
@ -112,7 +112,7 @@ test_relaycell_resolved(void *arg)
|
||||
MOCK(connection_mark_unattached_ap_, mark_unattached_mock);
|
||||
MOCK(connection_ap_handshake_socks_resolved, socks_resolved_mock);
|
||||
|
||||
options->TestingClientDNSRejectInternalAddresses = 0;
|
||||
options->ClientDNSRejectInternalAddresses = 0;
|
||||
|
||||
SET_CELL(/* IPv4: 127.0.1.2, ttl 256 */
|
||||
"\x04\x04\x7f\x00\x01\x02\x00\x00\x01\x00"
|
||||
@ -151,7 +151,7 @@ test_relaycell_resolved(void *arg)
|
||||
|
||||
/* But we may be discarding private answers. */
|
||||
MOCK_RESET();
|
||||
options->TestingClientDNSRejectInternalAddresses = 1;
|
||||
options->ClientDNSRejectInternalAddresses = 1;
|
||||
r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
|
||||
tt_int_op(r, OP_EQ, 0);
|
||||
ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
|
||||
|
||||
Loading…
Reference in New Issue
Block a user