Merge branch 'maint-0.3.2' into release-0.3.2

Nick Mathewson 2017-11-05 14:09:21 -05:00
commit ed10b34efe
8 changed files with 37 additions and 24 deletions

7
changes/ticket21031 Normal file

@ -0,0 +1,7 @@
o Minor features (removed deprecations):
- The ClientDNSRejectInternalAddresses flag can once again be set in
non-testing Tor networks, so long as they do not use the default
directory authorities.
This change also removes the deprecation of this
flag in 0.2.9.2-alpha. Closes ticket 21031.


@ -1440,9 +1440,15 @@ The following options are useful only for clients (that is, if
addresses/ports. See SocksPort for an explanation of isolation addresses/ports. See SocksPort for an explanation of isolation
flags. (Default: 0) flags. (Default: 0)
[[ClientDNSRejectInternalAddresses]] **ClientDNSRejectInternalAddresses** **0**|**1**::
If true, Tor does not believe any anonymously retrieved DNS answer that
tells it that an address resolves to an internal address (like 127.0.0.1 or
192.168.0.1). This option prevents certain browser-based attacks; it
is not allowed to be set on the default network. (Default: 1)
[[ClientRejectInternalAddresses]] **ClientRejectInternalAddresses** **0**|**1**:: [[ClientRejectInternalAddresses]] **ClientRejectInternalAddresses** **0**|**1**::
If true, Tor does not try to fulfill requests to connect to an internal If true, Tor does not try to fulfill requests to connect to an internal
address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is address (like 127.0.0.1 or 192.168.0.1) __unless an exit node is
specifically requested__ (for example, via a .exit hostname, or a specifically requested__ (for example, via a .exit hostname, or a
controller request). If true, multicast DNS hostnames for machines on the controller request). If true, multicast DNS hostnames for machines on the
local network (of the form *.local) are also rejected. (Default: 1) local network (of the form *.local) are also rejected. (Default: 1)
@ -2507,7 +2513,7 @@ The following options are used for running a testing Tor network.
4 (for 40 seconds), 8, 16, 32, 60 4 (for 40 seconds), 8, 16, 32, 60
ClientBootstrapConsensusMaxDownloadTries 80 ClientBootstrapConsensusMaxDownloadTries 80
ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80 ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80
TestingClientDNSRejectInternalAddresses 0 ClientDNSRejectInternalAddresses 0
ClientRejectInternalAddresses 0 ClientRejectInternalAddresses 0
CountPrivateBandwidth 1 CountPrivateBandwidth 1
ExitPolicyRejectPrivate 0 ExitPolicyRejectPrivate 0
@ -2718,13 +2724,6 @@ The following options are used for running a testing Tor network.
we replace it and issue a new key? we replace it and issue a new key?
(Default: 3 hours for link and auth; 1 day for signing.) (Default: 3 hours for link and auth; 1 day for signing.)
[[ClientDNSRejectInternalAddresses]] [[TestingClientDNSRejectInternalAddresses]] **TestingClientDNSRejectInternalAddresses** **0**|**1**::
If true, Tor does not believe any anonymously retrieved DNS answer that
tells it that an address resolves to an internal address (like 127.0.0.1 or
192.168.0.1). This option prevents certain browser-based attacks; don't
turn it off unless you know what you're doing. (Default: 1)
NON-PERSISTENT OPTIONS NON-PERSISTENT OPTIONS
---------------------- ----------------------


@ -169,8 +169,6 @@ static config_abbrev_t option_abbrevs_[] = {
{ "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0}, { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
{ "HashedControlPassword", "__HashedControlSessionPassword", 1, 0}, { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
{ "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0}, { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
{ "ClientDNSRejectInternalAddresses",
"TestingClientDNSRejectInternalAddresses", 0, 1, },
{ NULL, NULL, 0, 0}, { NULL, NULL, 0, 0},
}; };
@ -262,7 +260,7 @@ static config_var_t option_vars_[] = {
V(CircuitsAvailableTimeout, INTERVAL, "0"), V(CircuitsAvailableTimeout, INTERVAL, "0"),
V(CircuitStreamTimeout, INTERVAL, "0"), V(CircuitStreamTimeout, INTERVAL, "0"),
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/ V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
V(TestingClientDNSRejectInternalAddresses, BOOL,"1"), V(ClientDNSRejectInternalAddresses, BOOL,"1"),
V(ClientOnly, BOOL, "0"), V(ClientOnly, BOOL, "0"),
V(ClientPreferIPv6ORPort, AUTOBOOL, "auto"), V(ClientPreferIPv6ORPort, AUTOBOOL, "auto"),
V(ClientPreferIPv6DirPort, AUTOBOOL, "auto"), V(ClientPreferIPv6DirPort, AUTOBOOL, "auto"),
@ -648,7 +646,7 @@ static const config_var_t testing_tor_network_defaults[] = {
"0, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"), "0, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
V(ClientBootstrapConsensusMaxDownloadTries, UINT, "80"), V(ClientBootstrapConsensusMaxDownloadTries, UINT, "80"),
V(ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries, UINT, "80"), V(ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries, UINT, "80"),
V(TestingClientDNSRejectInternalAddresses, BOOL,"0"), V(ClientDNSRejectInternalAddresses, BOOL,"0"),
V(ClientRejectInternalAddresses, BOOL, "0"), V(ClientRejectInternalAddresses, BOOL, "0"),
V(CountPrivateBandwidth, BOOL, "1"), V(CountPrivateBandwidth, BOOL, "1"),
V(ExitPolicyRejectPrivate, BOOL, "0"), V(ExitPolicyRejectPrivate, BOOL, "0"),
@ -693,7 +691,12 @@ static const config_var_t testing_tor_network_defaults[] = {
#undef OBSOLETE #undef OBSOLETE
static const config_deprecation_t option_deprecation_notes_[] = { static const config_deprecation_t option_deprecation_notes_[] = {
/* Deprecated since 0.3.2.1-alpha. */ /* Deprecated since 0.2.9.2-alpha... */
{ "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
"a wide variety of application-level attacks." },
/* End of options deprecated since 0.2.9.2-alpha. */
/* Deprecated since 0.3.2.0-alpha. */
{ "HTTPProxy", "It only applies to direct unencrypted HTTP connections " { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
"to your directory server, which your Tor probably wasn't using." }, "to your directory server, which your Tor probably wasn't using." },
{ "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy " { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
@ -4211,9 +4214,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
CHECK_DEFAULT(TestingSigningKeySlop); CHECK_DEFAULT(TestingSigningKeySlop);
CHECK_DEFAULT(TestingAuthKeySlop); CHECK_DEFAULT(TestingAuthKeySlop);
CHECK_DEFAULT(TestingLinkKeySlop); CHECK_DEFAULT(TestingLinkKeySlop);
CHECK_DEFAULT(TestingClientDNSRejectInternalAddresses);
#undef CHECK_DEFAULT #undef CHECK_DEFAULT
if (!options->ClientDNSRejectInternalAddresses &&
!(options->DirAuthorities ||
(options->AlternateDirAuthority && options->AlternateBridgeAuthority)))
REJECT("ClientDNSRejectInternalAddresses used for default network.");
if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2) if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
REJECT("SigningKeyLifetime is too short."); REJECT("SigningKeyLifetime is too short.");
if (options->TestingLinkCertLifetime < options->TestingAuthKeySlop*2) if (options->TestingLinkCertLifetime < options->TestingAuthKeySlop*2)
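Review bot: The message on the new check in options_validate, `"ClientDNSRejectInternalAddresses used for default network."`, does not tell the operator that only the value 0 is refused, nor which settings make 0 acceptable. This check is what keeps the filter on internal-address DNS answers enabled for clients of the default network, so the condition is worth spelling out, for example `REJECT("ClientDNSRejectInternalAddresses may only be set to 0 with a non-default set of DirAuthority, or with both AlternateDirAuthority and AlternateBridgeAuthority.");`. I would also put a comment above the `if`, such as `/* Turning this filter off is only allowed on private networks; on the default network it guards against DNS answers that point at internal addresses. */`, and brace the body since the condition spans three lines. options_validate begins and ends outside this hunk.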


@ -1344,7 +1344,7 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
/* Hang on, did we find an answer saying that this is a reverse lookup for /* Hang on, did we find an answer saying that this is a reverse lookup for
* an internal address? If so, we should reject it if we're configured to * an internal address? If so, we should reject it if we're configured to
* do so. */ * do so. */
if (options->TestingClientDNSRejectInternalAddresses) { if (options->ClientDNSRejectInternalAddresses) {
/* Don't let clients try to do a reverse lookup on 10.0.0.1. */ /* Don't let clients try to do a reverse lookup on 10.0.0.1. */
tor_addr_t addr; tor_addr_t addr;
int ok; int ok;


@ -4204,7 +4204,7 @@ typedef struct {
/** If true, do not believe anybody who tells us that a domain resolves /** If true, do not believe anybody who tells us that a domain resolves
* to an internal address, or that an internal address has a PTR mapping. * to an internal address, or that an internal address has a PTR mapping.
* Helps avoid some cross-site attacks. */ * Helps avoid some cross-site attacks. */
int TestingClientDNSRejectInternalAddresses; int ClientDNSRejectInternalAddresses;
/** If true, do not accept any requests to connect to internal addresses /** If true, do not accept any requests to connect to internal addresses
* over randomly chosen exits. */ * over randomly chosen exits. */


@ -949,7 +949,7 @@ connection_ap_process_end_not_open(
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return 0; return 0;
} }
if (get_options()->TestingClientDNSRejectInternalAddresses && if (get_options()->ClientDNSRejectInternalAddresses &&
tor_addr_is_internal(&addr, 0)) { tor_addr_is_internal(&addr, 0)) {
log_info(LD_APP,"Address '%s' resolved to internal. Closing,", log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
safe_str(conn->socks_request->address)); safe_str(conn->socks_request->address));
@ -1366,7 +1366,7 @@ connection_edge_process_resolved_cell(edge_connection_t *conn,
goto done; goto done;
} }
if (get_options()->TestingClientDNSRejectInternalAddresses) { if (get_options()->ClientDNSRejectInternalAddresses) {
int orig_len = smartlist_len(resolved_addresses); int orig_len = smartlist_len(resolved_addresses);
SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) { SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) { if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
@ -1459,7 +1459,7 @@ connection_edge_process_relay_cell_not_open(
if (tor_addr_family(&addr) != AF_UNSPEC) { if (tor_addr_family(&addr) != AF_UNSPEC) {
const sa_family_t family = tor_addr_family(&addr); const sa_family_t family = tor_addr_family(&addr);
if (tor_addr_is_null(&addr) || if (tor_addr_is_null(&addr) ||
(get_options()->TestingClientDNSRejectInternalAddresses && (get_options()->ClientDNSRejectInternalAddresses &&
tor_addr_is_internal(&addr, 0))) { tor_addr_is_internal(&addr, 0))) {
log_info(LD_APP, "...but it claims the IP address was %s. Closing.", log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
fmt_addr(&addr)); fmt_addr(&addr));


@ -402,7 +402,8 @@ fixed_get_uname(void)
"VirtualAddrNetworkIPv4 127.192.0.0/10\n" \ "VirtualAddrNetworkIPv4 127.192.0.0/10\n" \
"VirtualAddrNetworkIPv6 [FE80::]/10\n" \ "VirtualAddrNetworkIPv6 [FE80::]/10\n" \
"UseEntryGuards 1\n" \ "UseEntryGuards 1\n" \
"Schedulers Vanilla\n" "Schedulers Vanilla\n" \
"ClientDNSRejectInternalAddresses 1\n"
typedef struct { typedef struct {
or_options_t *old_opt; or_options_t *old_opt;
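Review bot: Nothing in the visible test hunks exercises the new rejection in options_validate; this section only appends `"ClientDNSRejectInternalAddresses 1\n"` to the default option string, presumably to keep the existing cases on the accepted path. That check is the guard that stops the internal-address DNS filter from being switched off on the default network, so it deserves a regression test in both directions. A configuration with `ClientDNSRejectInternalAddresses 0` and no DirAuthorities should fail validation with the "used for default network" message, and the same setting together with a custom DirAuthority line should pass. The string macro this hunk extends starts above the hunk, and the typedef after it continues below.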


@ -112,7 +112,7 @@ test_relaycell_resolved(void *arg)
MOCK(connection_mark_unattached_ap_, mark_unattached_mock); MOCK(connection_mark_unattached_ap_, mark_unattached_mock);
MOCK(connection_ap_handshake_socks_resolved, socks_resolved_mock); MOCK(connection_ap_handshake_socks_resolved, socks_resolved_mock);
options->TestingClientDNSRejectInternalAddresses = 0; options->ClientDNSRejectInternalAddresses = 0;
SET_CELL(/* IPv4: 127.0.1.2, ttl 256 */ SET_CELL(/* IPv4: 127.0.1.2, ttl 256 */
"\x04\x04\x7f\x00\x01\x02\x00\x00\x01\x00" "\x04\x04\x7f\x00\x01\x02\x00\x00\x01\x00"
@ -151,7 +151,7 @@ test_relaycell_resolved(void *arg)
/* But we may be discarding private answers. */ /* But we may be discarding private answers. */
MOCK_RESET(); MOCK_RESET();
options->TestingClientDNSRejectInternalAddresses = 1; options->ClientDNSRejectInternalAddresses = 1;
r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh); r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
tt_int_op(r, OP_EQ, 0); tt_int_op(r, OP_EQ, 0);
ASSERT_MARK_CALLED(END_STREAM_REASON_DONE| ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|