Fix parse_virtual_addr_network minimum network size

Paolo Inglese 2016-10-03 12:18:51 +01:00
parent 14a6047210
commit ae4077916c
3 changed files with 15 additions and 5 deletions

changes/ticket20151 Normal file

@ -0,0 +1,7 @@
o Minor features:
- Increase the maximum number of bits for the IPv6 virtual network prefix
from 16 to 104. In this way, the condition for address allocation is less
restrictive. Also, the variable max_bits is called max_prefix_bits,
making it clearer the meaning of the condition (bits > max_prefix_bits).
Closes ticket 20151; feature on 0.2.4.7-alpha.
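Review bot: The entry says the IPv6 limit goes "from 16 to 104", but the line removed from parse_virtual_addr_network reads `const int max_bits = ipv6 ? 40 : 16;`, so the previous IPv6 value was 40 and 16 is the IPv4 value. Suggest "from 40 to 104". The second sentence would also read more plainly as "Rename max_bits to max_prefix_bits to make the check (bits > max_prefix_bits) clearer."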


@ -1275,8 +1275,11 @@ The following options are useful only for clients (that is, if
"172.16.0.0/12" and change the IPv6 network to "[FC00::]/7".
The default **VirtualAddrNetwork** address ranges on a
properly configured machine will route to the loopback or link-local
interface. For
local use, no change to the default VirtualAddrNetwork setting is needed.
interface. The maximum number of bits for the network prefix is set to 104
for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length
- is preferable since it reduces the chances for an attacker to guess the
used IP. For local use, no change to the default VirtualAddrNetwork setting
is needed.
[[AllowNonRFC953Hostnames]] **AllowNonRFC953Hostnames** **0**|**1**::
When this option is disabled, Tor blocks hostnames containing illegal
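Review bot: The added sentence "The maximum number of bits for the network prefix is set to 104 for IPv6 and 16 for IPv4" does not say what happens when a longer prefix is configured; the parser rejects it with "expects a /%d network or larger", and the man page should say the value is refused. In the following sentence, "the used IP" is vague (suggest "the virtual address in use"), and "a wider network - smaller prefix length -" would be clearer with the aside in parentheses.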


@ -774,7 +774,7 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
const int ipv6 = (family == AF_INET6);
tor_addr_t addr;
maskbits_t bits;
const int max_bits = ipv6 ? 40 : 16;
const int max_prefix_bits = ipv6 ? 104 : 16;
virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
if (!val || val[0] == '\0') {
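Review bot: The bounds in `const int max_prefix_bits = ipv6 ? 104 : 16;` are unexplained at the declaration. A /104 leaves 24 host bits for IPv6 while a /16 leaves 16 for IPv4, so a short comment giving the reason for each limit, and for the difference between the two families, would help the next reader. Named constants would also make it easier to keep the man page text and this check in agreement.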
@ -804,10 +804,10 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
}
#endif
if (bits > max_bits) {
if (bits > max_prefix_bits) {
if (msg)
tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
"network or larger",ipv6?"IPv6":"", max_bits);
"network or larger",ipv6?"IPv6":"", max_prefix_bits);
return -1;
}
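Review bot: The format string in the tor_asprintf call still spells the option "VirtualAddressNetwork%s", while the man page hunk in this same commit documents it as VirtualAddrNetwork. Since the line is being edited anyway, correct the name so the error matches the option the user actually set. The commit also touches no test file; a case that accepts a /104 IPv6 network and rejects a /105 would pin the new boundary of `bits > max_prefix_bits`.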