#32588: Setting ORPort [ipv6]:auto mistakenly advertises port 94 -----------------------------------------------+--------------------------- Reporter: arma | Owner: neel Type: defect | Status: | needs_information Priority: Medium | Milestone: Tor: | 0.4.3.x-final Component: Core Tor/Tor | Version: Tor: | 0.4.1.6 Severity: Normal | Resolution: Keywords: ipv6, memory-safety, security-low | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -----------------------------------------------+---------------------------
Comment (by teor): It's also worth noting that we're getting 0x5e = 94 in the output, and not 0xcc5e or 0x5ecc. So it's just a one byte overflow. And it's happening some time after the port is opened, but before the relay descriptor is built. And it only seems to affect auto IPv6 ORPorts. Does the issue still happen if the IPv6 address is much shorter than the maximum length? For example, does "ORPort [::1]:auto" give you a port of 1? You might need to set some custom directory authorities to be allowed to listen on an internal address. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32588#comment:7> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs