Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by Yawning Angel@yawning

Tor should consider more addresses as invalid

There's a few more address blocks that should never appear on the public internet that do not appear to be checked for when processing the exit policy (Belong in private_nets) or in tor_addr_is_internal().

From RFC 5735:

  • 192.0.2.0/24 TEST-NET-1
  • 198.51.100.0/24 TEST-NET-2
  • 203.0.113.0/24 TEST-NET-3
  • 198.18.0.0/15 Network Interconnect Device Benchmark Testing

From RFC 5156:

  • 2001:db8::/32 Documentation Prefix
  • 2001:10::/28 ORCHID

Traffic containing these addresses have no business being on the public internet, so the code should be updated to check for them and reject them where appropriate. Since tor_addr_is_internal() is used for things other than rejection, this probably should be done as a separate function that is checked when the code means "Reject things that should not be used" (most of the code) vs "Explicitly need a local address" (warn_nonlocal_client_ports() for example).

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information