From d3224bad42957bf2e1751c7a1731c8956e003530 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 27 Aug 2007 15:33:58 +0000 Subject: r14227@Kushana: nickm | 2007-08-27 11:33:28 -0400 Add a new ClientDNSRejectInternalAddresses option (default: on) to refuse to believe that any address can map to or from an internal address. This blocks some kinds of potential browser-based attacks, especially on hosts using DNSPort. Also clarify behavior in some comments. Backport candiate? svn:r11287 --- src/or/or.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'src/or/or.h') diff --git a/src/or/or.h b/src/or/or.h index 3c8842541..aded80613 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -191,7 +191,8 @@ #define DEFAULT_DNS_TTL (30*60) /** How long can a TTL be before we stop believing it? */ #define MAX_DNS_TTL (3*60*60) -/** How small can a TTL be before we stop believing it? */ +/** How small can a TTL be before we stop believing it? Provides rudimentary + * pinning. */ #define MIN_DNS_TTL (60) /** How often do we rotate onion keys? */ @@ -2093,6 +2094,11 @@ typedef struct { * if we are a cache). For authorities, this is always true. */ int DownloadExtraInfo; + /** If true, do not believe anybody who tells us that a domain resolves + * to an internal address, or that an internal address has a PTR mapping. + * Helps avoid some cross-site attacks. */ + int ClientDNSRejectInternalAddresses; + /** The length of time that we think a consensus should be fresh. */ int V3AuthVotingInterval; /** The length of time we think it will take to distribute votes */ -- cgit v1.2.3