commit 709d7fba11482a7dae23aaecf8a5ec2bd78e47fb
Author: David Goulet dgoulet@torproject.org
Date: Tue Nov 19 11:10:13 2019 -0500
hs-v3: Return bad address SOCKS5 extended error
If ExtendedErrors is set for the SocksPort, an invalid .onion address now returns the 0xF6 error code per prop304.
Closes #30022
Signed-off-by: David Goulet dgoulet@torproject.org
---
 doc/tor.1.txt                 | 18 ++++++++++++------
 src/core/or/connection_edge.c |  2 +-
 src/lib/net/socks5_status.h   |  1 +
 3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index ed9efb6fc..7b4db386e 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1418,37 +1418,43 @@ The following options are useful only for clients (that is, if X'F0' Onion Service Descriptor Can Not be Found
The requested onion service descriptor can't be found on the - hashring and thus not reachable by the client. + hashring and thus not reachable by the client. (v3 only)
X'F1' Onion Service Descriptor Is Invalid
The requested onion service descriptor can't be parsed or - signature validation failed. + signature validation failed. (v3 only)
X'F2' Onion Service Introduction Failed
Client failed to introduce to the service meaning the descriptor was found but the service is not connected anymore to the introduction point. The service has likely changed its descriptor - or is not running. + or is not running. (v3 only)
X'F3' Onion Service Rendezvous Failed
Client failed to rendezvous with the service which means that the - client is unable to finalize the connection. + client is unable to finalize the connection. (v3 only)
X'F4' Onion Service Missing Client Authorization
Client was able to download the requested onion service descriptor but is unable to decrypt its content because it is missing client - authorization information. + authorization information. (v3 only)
X'F5' Onion Service Wrong Client Authorization
Client was able to download the requested onion service descriptor but is unable to decrypt its content using the client authorization information it has. This means the client access - were revoked. + were revoked. (v3 only) + + X'F6' Onion Service Invalid Address + + The given .onion address is invalid. In one of these cases this + error is returned: address checksum doesn't match, ed25519 public + key is invalid or the encoding is invalid. (v3 only)
// Anchor only for formatting, not visible in the man page. [[SocksPortFlagsMisc]]:: diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 4b4bcff2f..8ab9d7d26 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -2123,7 +2123,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s", escaped(socks->address)); if (addresstype == ONION_V3_HOSTNAME) { - conn->socks_request->socks_extended_error_code = SOCKS5_HS_IS_INVALID; + conn->socks_request->socks_extended_error_code = SOCKS5_HS_BAD_ADDRESS; } connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); return -1; diff --git a/src/lib/net/socks5_status.h b/src/lib/net/socks5_status.h index 47d9533d5..a2a479dd5 100644 --- a/src/lib/net/socks5_status.h +++ b/src/lib/net/socks5_status.h @@ -36,6 +36,7 @@ typedef enum { SOCKS5_HS_REND_FAILED = 0xF3, SOCKS5_HS_MISSING_CLIENT_AUTH = 0xF4, SOCKS5_HS_BAD_CLIENT_AUTH = 0xF5, + SOCKS5_HS_BAD_ADDRESS = 0xF6, } socks5_reply_status_t;
#endif /* !defined(TOR_SOCKS5_STATUS_H) */
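Review bot: In the doc/tor.1.txt hunk, the new X'F6' entry is worded awkwardly ("In one of these cases this error is returned: ..."). Something like "This error is returned when the address checksum doesn't match, the ed25519 public key is invalid, or the encoding is invalid." reads more directly. Since the X'F5' line is already being touched to add "(v3 only)", "the client access were revoked" could be corrected to "was revoked" in the same change.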
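Review bot: In the src/core/or/connection_edge.c hunk, SOCKS5_HS_BAD_ADDRESS is only set when "addresstype == ONION_V3_HOSTNAME", and nothing visible here shows that the hostname parser still reports that type after it has rejected the address for a bad checksum, key or encoding. Please confirm that path, ideally with a unit test that feeds a malformed v3 address and checks that socks_extended_error_code ends up as 0xF6; the diffstat lists no test file. The assignment is also unconditional with respect to ExtendedErrors, which the commit message names as the precondition, so a short comment saying where that flag gates the reply would help the next reader.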
tor-commits@lists.torproject.org