
Fix parse_virtual_addr_network minimum network size

Paolo Inglese, 7 years ago
commit ae4077916c
3 changed files with 15 additions and 5 deletions
  1. changes/ticket20151 (+7, -0)
  2. doc/tor.1.txt (+5, -2)
  3. src/or/addressmap.c (+3, -3)

changes/ticket20151 (+7, -0)

@@ -0,0 +1,7 @@
+ o Minor features:
+   - Increase the maximum number of bits for the IPv6 virtual network prefix
+     from 16 to 104. In this way, the condition for address allocation is less
+     restrictive. Also, the variable max_bits is called max_prefix_bits,
+     making it clearer the meaning of the condition (bits > max_prefix_bits).
+     Closes ticket 20151; feature on 0.2.4.7-alpha.
+
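Review bot: the changelog's "from 16 to 104" does not match the code change in this commit: the removed line in src/or/addressmap.c reads `ipv6 ? 40 : 16`, so the IPv6 maximum prefix length goes from 40 to 104, while 16 is the IPv4 limit and is unchanged. Suggest "from 40 to 104". The last sentence also reads awkwardly; "The variable max_bits is renamed max_prefix_bits to make the meaning of the check (bits > max_prefix_bits) clearer" would be plainer.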

doc/tor.1.txt (+5, -2)

@@ -1275,8 +1275,11 @@ The following options are useful only for clients (that is, if
     "172.16.0.0/12" and change the IPv6 network to "[FC00::]/7".
     The default **VirtualAddrNetwork** address ranges on a
     properly configured machine will route to the loopback or link-local
-    interface. For
-    local use, no change to the default VirtualAddrNetwork setting is needed.
+    interface. The maximum number of bits for the network prefix is set to 104
+    for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length
+    - is preferable since it reduces the chances for an attacker to guess the
+    used IP. For local use, no change to the default VirtualAddrNetwork setting
+    is needed.
 
 [[AllowNonRFC953Hostnames]] **AllowNonRFC953Hostnames** **0**|**1**::
     When this option is disabled, Tor blocks hostnames containing illegal
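Review bot: in the added sentence the parenthetical "smaller prefix length" is set off with spaced hyphens and split across a line break, leaving a lone "-" at the start of a line, which is easy to misread in the manpage source; use parentheses and keep it on one line. The rationale could also be stated more precisely, since "guess the used IP" is vague; suggest: "However, a wider network (smaller prefix length) is preferable, since it reduces an attacker's chances of guessing which virtual addresses are in use." It would help the reader to spell out the cost of the new /104 limit here: only 24 bits remain for virtual addresses at that prefix length, compared with 88 bits under the previous /40 limit shown in src/or/addressmap.c.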

src/or/addressmap.c (+3, -3)

@@ -774,7 +774,7 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
   const int ipv6 = (family == AF_INET6);
   tor_addr_t addr;
   maskbits_t bits;
-  const int max_bits = ipv6 ? 40 : 16;
+  const int max_prefix_bits = ipv6 ? 104 : 16;
   virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
 
   if (!val || val[0] == '\0') {
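Review bot: the new limit on the `max_prefix_bits` line is a bare magic number with no explanation of why 104 was chosen or what it costs. Add a short comment next to the constant mirroring the warning this commit adds to doc/tor.1.txt, for example that a /104 leaves 24 host bits (2^24 virtual addresses) versus 2^88 under the former /40, and that wider ranges are preferred because they make in-use virtual addresses harder to guess. Otherwise the next person to touch this line has no signal that raising it further trades away that margin.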
@@ -804,10 +804,10 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
   }
 #endif
 
-  if (bits > max_bits) {
+  if (bits > max_prefix_bits) {
     if (msg)
       tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
-                   "network or larger",ipv6?"IPv6":"", max_bits);
+                   "network or larger",ipv6?"IPv6":"", max_prefix_bits);
     return -1;
   }
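Review bot: the user-facing message in this hunk, "expects a /%d network or larger", becomes ambiguous now that the limit is /104: a "larger" network has a smaller prefix length, so a user who entered /112 may read it as asking for a bigger number and try /120. Since the hunk already touches the format string's second line, suggest rewording to "expects a network prefix of /%d or shorter". The option name in the message, "VirtualAddressNetwork" (context line above), also differs from "VirtualAddrNetwork" as written in doc/tor.1.txt in this same commit; worth aligning the two while here.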