commit 8aedc589edf78a75092868192869fe84b5a53816 Author: David Goulet dgoulet@torproject.org Date: Tue Apr 25 14:08:40 2017 -0400

config: Remove WarnUnsafeSocks option

Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet dgoulet@torproject.org --- changes/bug22060 | 2 ++ doc/tor.1.txt | 6 ------ src/or/buffers.c | 5 +---- src/or/config.c | 4 +--- src/or/or.h | 4 ---- 5 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/changes/bug22060 b/changes/bug22060 index 5b06427..e7d14b0 100644 --- a/changes/bug22060 +++ b/changes/bug22060 @@ -15,3 +15,5 @@ - CloseHSServiceRendCircuitsImmediatelyOnTimeout was deprecated in 0.2.9.2-alpha and now has been rendered obsolete. Code has been removed and feature no longer exists. + - WarnUnsafeSocks was deprecated in 0.2.9.2-alpha and now has been + rendered obsolete. Code has been removed and feature no longer exists. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 03943c9..590ded3 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1271,12 +1271,6 @@ The following options are useful only for clients (that is, if helps to determine whether an application using Tor is possibly leaking DNS requests. (Default: 0)

-[[WarnUnsafeSocks]] **WarnUnsafeSocks** **0**|**1**:: - When this option is enabled, Tor will warn whenever a request is - received that only contains an IP address instead of a hostname. Allowing - applications to do DNS resolves themselves is usually a bad idea and - can leak your location to attackers. (Default: 1) - [[VirtualAddrNetworkIPv4]] **VirtualAddrNetworkIPv4** __Address__/__bits__ +

[[VirtualAddrNetworkIPv6]] **VirtualAddrNetworkIPv6** [__Address__]/__bits__:: diff --git a/src/or/buffers.c b/src/or/buffers.c index 4f22935..58cfdee 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1319,7 +1319,7 @@ fetch_from_buf_http(buf_t *buf,

/** * Wait this many seconds before warning the user about using SOCKS unsafely - * again (requires that WarnUnsafeSocks is turned on). */ + * again. */ #define SOCKS_WARN_INTERVAL 5

/** Warn that the user application has made an unsafe socks request using @@ -1331,9 +1331,6 @@ log_unsafe_socks_warning(int socks_protocol, const char *address, { static ratelim_t socks_ratelim = RATELIM_INIT(SOCKS_WARN_INTERVAL);

- const or_options_t *options = get_options(); - if (! options->WarnUnsafeSocks) - return; if (safe_socks) { log_fn_ratelim(&socks_ratelim, LOG_WARN, LD_APP, "Your application (using socks%d to port %d) is giving " diff --git a/src/or/config.c b/src/or/config.c index 5b69329..1af554a 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -402,7 +402,7 @@ static config_var_t option_vars_[] = { VPORT(NATDPort), V(Nickname, STRING, NULL), V(PredictedPortsRelevanceTime, INTERVAL, "1 hour"), - V(WarnUnsafeSocks, BOOL, "1"), + OBSOLETE("WarnUnsafeSocks"), VAR("NodeFamily", LINELIST, NodeFamilies, NULL), V(NumCPUs, UINT, "0"), V(NumDirectoryGuards, UINT, "0"), @@ -664,8 +664,6 @@ static const config_deprecation_t option_deprecation_notes_[] = { "a wide variety of application-level attacks." }, { "ClientDNSRejectInternalAddresses", "Turning this on makes your client " "easier to fingerprint, and may open you to esoteric attacks." }, - { "WarnUnsafeSocks", "Changing this option makes it easier for you " - "to accidentally lose your anonymity by leaking DNS information" }, { "TLSECGroup", "The default is a nice secure choice; the other option " "is less secure." }, { "ControlListenAddress", "Use ControlPort instead." }, diff --git a/src/or/or.h b/src/or/or.h index 1cdfd1b..da32850 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4110,10 +4110,6 @@ typedef struct { * selection. */ int AllowDotExit;

- /** If true, we will warn if a user gives us only an IP address - * instead of a hostname. */ - int WarnUnsafeSocks; - /** If true, we're configured to collect statistics on clients * requesting network statuses from us as directory. */ int DirReqStatistics_option;