Description
As a normal step of the croc protocol (when no explicit --ip is passed), the receiver asks the sender for its locally assigned IP addresses via the ips? message (croc.go:792). This message and its reply are sent unencrypted. I assume there is no encryption, because the receiver might still switch the connection to a direct one, without going through a public relay, and setting up the encryption context twice might add additional latency, or additional code complexity.
Because the message is unencrypted, the sender sends cleartext information over the Internet, containing all of its locally assigned IP addresses. This may be an unexpected information leak for a range of users: it can reveal the structure of internal networks or otherwise disclose information about the identity of the sender.
To fix this, the encryption layer should be established before any other data is transferred between sender and receiver.
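As an added illustration (not croc's own code, and not a reproduction of croc's actual handshake), the following Go program models the two orderings of the ips? exchange described above: session established after the request (the reported behaviour, reply in cleartext) versus session established before it (the proposed fix, reply under AES-GCM). The sample addresses, the shared key, the Frame type and the Exchange/LeaksAddress helpers are all constructed here for the demonstration; in the real protocol the key would come from the key exchange rather than being handed in directly.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample values for the example; not real interfaces or a real key.
var (
	SampleLocalIPs = []string{"192.168.1.23", "10.0.0.5"}
	SampleKey      = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256
)

// Frame is one message crossing the relay. A plaintext frame is readable by
// the relay operator and by anyone on the network path.
type Frame struct {
	Encrypted bool
	Payload   []byte
}

// Sender models the peer that owns the local addresses the receiver asks for.
type Sender struct {
	localIPs []string
	aead     cipher.AEAD // nil until the encrypted session is established
}

// EstablishSession installs the session key (supplied directly by the harness
// here; the real protocol derives it from its key exchange).
func (s *Sender) EstablishSession(key []byte) error {
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	s.aead, err = cipher.NewGCM(block)
	return err
}

// Handle answers an ips? request. If no session exists yet, the address list
// goes out in cleartext; once a session exists, the reply is sealed. The fix
// the issue proposes is to make sure the cleartext branch is never reachable.
func (s *Sender) Handle(req Frame) (Frame, error) {
	if string(req.Payload) != "ips?" {
		return Frame{}, errors.New("unknown request")
	}
	reply := []byte(strings.Join(s.localIPs, ","))
	if s.aead == nil {
		return Frame{Encrypted: false, Payload: reply}, nil
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Frame{}, err
	}
	// Wire format: nonce || ciphertext || tag
	return Frame{Encrypted: true, Payload: s.aead.Seal(nonce, nonce, reply, nil)}, nil
}

// Open recovers the reply from a sealed frame (the key is shared, so the same
// AEAD serves the receiving side in this model).
func (s *Sender) Open(f Frame) ([]byte, error) {
	if !f.Encrypted || s.aead == nil {
		return nil, errors.New("frame is not encrypted")
	}
	n := s.aead.NonceSize()
	if len(f.Payload) < n {
		return nil, errors.New("frame too short")
	}
	return s.aead.Open(nil, f.Payload[:n], f.Payload[n:], nil)
}

// LeaksAddress is the check a test suite would run over a captured exchange:
// does any local address appear verbatim in the bytes sent over the relay?
func LeaksAddress(f Frame, addrs []string) bool {
	for _, a := range addrs {
		if bytes.Contains(f.Payload, []byte(a)) {
			return true
		}
	}
	return false
}

// Exchange runs one ips? round trip. encryptFirst selects whether the session
// is established before the request (fixed) or only after it (reported).
func Exchange(encryptFirst bool) (*Sender, Frame, error) {
	s := &Sender{localIPs: SampleLocalIPs}
	if encryptFirst {
		if err := s.EstablishSession(SampleKey); err != nil {
			return nil, Frame{}, err
		}
	}
	reply, err := s.Handle(Frame{Payload: []byte("ips?")})
	if err != nil {
		return nil, Frame{}, err
	}
	if !encryptFirst {
		if err := s.EstablishSession(SampleKey); err != nil { // too late: reply already left
			return nil, Frame{}, err
		}
	}
	return s, reply, nil
}

func main() {
	for _, first := range []bool{false, true} {
		_, f, err := Exchange(first)
		if err != nil {
			panic(err)
		}
		fmt.Printf("encrypt first=%v encrypted=%v leaks=%v\n",
			first, f.Encrypted, LeaksAddress(f, SampleLocalIPs))
	}
}
```

LeaksAddress is the kind of assertion worth keeping in a test suite after the ordering is changed: it fails as soon as any code path answers ips? before the session exists, regardless of how the handshake is later refactored.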