
Pr1182 squashed v2 #1267

Merged
merged 5 commits into from Aug 27, 2019
@@ -0,0 +1,5 @@
o Minor bugfixes (ipv6):
- We check for private IPv6 address alongside their IPv4 equivalents when
authorities check descriptors. Previously, we only checked for private
IPv4 addresses. Fixes bug 31088; bugfix on 0.2.3.21-rc. Patch by Neel
Chauhan.
@@ -428,20 +428,30 @@ dirserv_free_fingerprint_list(void)

/** Return -1 if <b>ri</b> has a private or otherwise bad address,
* unless we're configured to not care. Return 0 if all ok. */
static int
STATIC int
dirserv_router_has_valid_address(routerinfo_t *ri)
{
tor_addr_t addr;
if (get_options()->DirAllowPrivateAddresses)
return 0; /* whatever it is, we're fine with it */
tor_addr_from_ipv4h(&addr, ri->addr);

if (tor_addr_is_internal(&addr, 0)) {
if (tor_addr_is_internal(&addr, 0) || tor_addr_is_null(&addr)) {
log_info(LD_DIRSERV,
"Router %s published internal IPv4 address. Refusing.",
router_describe(ri));
return -1; /* it's a private IP, we should reject it */
}
/* We only check internal v6 on non-null addresses because we do not require
* IPv6 and null IPv6 is normal. */
if (tor_addr_is_internal(&ri->ipv6_addr, 0) &&
!tor_addr_is_null(&ri->ipv6_addr)) {
log_info(LD_DIRSERV,
"Router %s published internal IP address. Refusing.",
"Router %s published internal IPv6 address. Refusing.",
router_describe(ri));
return -1; /* it's a private IP, we should reject it */
}

return 0;
}
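Review bot: The new IPv6 condition calls `tor_addr_is_internal(&ri->ipv6_addr, 0)` before it tests for a null address, so the internal-address check runs on every descriptor that carries no IPv6 address at all. The helper's body is not shown here, but if it warns or asserts on an address whose family is unset, an authority would emit a bug report for each IPv4-only relay even though the descriptor is then accepted. Putting the null test first yields the same result and short-circuits that call: `if (!tor_addr_is_null(&ri->ipv6_addr) &&` followed by `tor_addr_is_internal(&ri->ipv6_addr, 0)) {`. The doc comment above the function could also state that a null IPv4 address is now rejected while a null IPv6 address is accepted, since the first log message still says only "internal IPv4 address".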

@@ -36,4 +36,8 @@ void dirserv_set_node_flags_from_authoritative_status(node_t *node,

int dirserv_would_reject_router(const routerstatus_t *rs);

#ifdef TOR_UNIT_TESTS
STATIC int dirserv_router_has_valid_address(routerinfo_t *ri);
#endif /* defined(TOR_UNIT_TESTS) */

#endif /* !defined(TOR_RECV_UPLOADS_H) */
@@ -24,6 +24,7 @@
#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */

#include "core/or/or.h"
#include "feature/dirauth/process_descs.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/node_st.h"
#include "feature/nodelist/nodelist.h"
@@ -1244,6 +1245,40 @@ test_address_tor_node_in_same_network_family(void *ignored)
helper_free_mock_node(node_b);
}

#define CHECK_RI_ADDR(addr_str, rv) STMT_BEGIN \
ri = tor_malloc_zero(sizeof(routerinfo_t)); \
tor_addr_t addr; \
tor_addr_parse(&addr, (addr_str)); \
ri->addr = tor_addr_to_ipv4h(&addr); \
tor_addr_make_null(&ri->ipv6_addr, AF_INET6); \
tt_int_op(dirserv_router_has_valid_address(ri), OP_EQ, (rv)); \
tor_free(ri); \
STMT_END

/* XXX: Here, we use a non-internal IPv4 as dirserv_router_has_valid_address()
* will check internal/null IPv4 first. */
#define CHECK_RI_ADDR6(addr_str, rv) STMT_BEGIN \
ri = tor_malloc_zero(sizeof(routerinfo_t)); \
ri->addr = 16777217; /* 1.0.0.1 */ \
tor_addr_parse(&ri->ipv6_addr, (addr_str)); \
tt_int_op(dirserv_router_has_valid_address(ri), OP_EQ, (rv)); \
tor_free(ri); \
STMT_END

static void
test_address_dirserv_router_addr_private(void *ignored)
{
(void)ignored;
/* A stub routerinfo structure, with only its address fields set. */
routerinfo_t *ri = NULL;
CHECK_RI_ADDR("1.0.0.1", 0);
CHECK_RI_ADDR("10.0.0.1", -1);
CHECK_RI_ADDR6("2600::1", 0);
CHECK_RI_ADDR6("fe80::1", -1);
done:
tor_free(ri);
}

#define ADDRESS_TEST(name, flags) \
{ #name, test_address_ ## name, flags, NULL, NULL }

@@ -1277,5 +1312,6 @@ struct testcase_t address_tests[] = {
ADDRESS_TEST(tor_addr_eq_ipv4h, 0),
ADDRESS_TEST(tor_addr_in_same_network_family, 0),
ADDRESS_TEST(tor_node_in_same_network_family, 0),
ADDRESS_TEST(dirserv_router_addr_private, 0),
END_OF_TESTCASES
};
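Review bot: The cases in test_address_dirserv_router_addr_private do not exercise the null-address handling this commit adds. CHECK_RI_ADDR always sets the IPv6 field with `tor_addr_make_null(&ri->ipv6_addr, AF_INET6)`, so a routerinfo whose ipv6_addr is left exactly as tor_malloc_zero produced it never reaches the function, and there is no null IPv4 case such as `CHECK_RI_ADDR("0.0.0.0", -1);`. Both macros ignore the return value of tor_addr_parse, so a typo in a test string would go unnoticed; `tt_int_op(tor_addr_parse(&addr, (addr_str)), OP_NE, -1);` would catch it. The expected values also assume DirAllowPrivateAddresses is off in whatever get_options() returns under the test harness, which nothing in this hunk sets.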