Disable extending to private/internal addresses by default

This is important, since otherwise an attacker can use timing info to probe the internal network. Also, add an option (ExtendAllowPrivateAddresses) so that TestingTorNetwork won't break. Fix for bug 6710; bugfix on all released versions of Tor.
author: Nick Mathewson <nickm@torproject.org> 2012-08-27 11:16:44 -0400
committer: Nick Mathewson <nickm@torproject.org> 2012-08-27 11:19:29 -0400
commit: b7c172c9ec762363562220a354feefc521970d7c (patch)
tree: d4262db650b35abda2600b0fa284a7133882861f /changes
parent: ce4add498f6af197a0e856d262825d547f898305 (diff)
download: tor-b7c172c9ec762363562220a354feefc521970d7c.tar
tor-b7c172c9ec762363562220a354feefc521970d7c.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/changes/bug6710 b/changes/bug6710
new file mode 100644
index 000000000..69a3c7ef4
--- /dev/null
+++ b/changes/bug6710
@@ -0,0 +1,7 @@
+  o Major bugfixes (security):
+    - Reject any attempt to extend to an internal address. Without
+      this fix, a router could be used to probe addresses on an
+      internal network to see whether they were accepting
+      connections. Fix for bug 6710; bugfix on all released versions
+      of Tor.
+
author	Nick Mathewson <nickm@torproject.org>	2012-08-27 11:16:44 -0400
committer	Nick Mathewson <nickm@torproject.org>	2012-08-27 11:19:29 -0400
commit	b7c172c9ec762363562220a354feefc521970d7c (patch)
tree	d4262db650b35abda2600b0fa284a7133882861f /changes
parent	ce4add498f6af197a0e856d262825d547f898305 (diff)
download	tor-b7c172c9ec762363562220a354feefc521970d7c.tar tor-b7c172c9ec762363562220a354feefc521970d7c.tar.gz