[tor-bugs] #22461 [Core Tor/Tor]: Tor emits inaccurate safesocks warning event whenever you visit a naked IP address

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jun 3 16:59:04 UTC 2017


#22461: Tor emits inaccurate safesocks warning event whenever you visit a naked IP
address
--------------------------+------------------------------------
 Reporter:  arma          |          Owner:
     Type:  defect        |         Status:  needs_review
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.6.2-alpha
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by arma):

 Replying to [comment:6 rl1987]:
 > Quick patch for this bug:
 https://github.com/rl1987/tor/commit/9e2f78092395d1250f08a21815ab1145409530eb

 I think we need to go farther. The patch above still refuses a naked IP
 address when it's presented using a safe socks version, and that's still a
 bug. I think we want this:
 {{{
 diff --git a/src/or/buffers.c b/src/or/buffers.c
 index 3692ed4..399b591 100644
 --- a/src/or/buffers.c
 +++ b/src/or/buffers.c
 @@ -1684,15 +1684,7 @@ parse_socks(const char *data, size_t datalen,
 socks_requ
 est_t *req,
            req->port = ntohs(get_uint16(data+5+len));
            *drain_out = 5+len+2;

 -          if (string_is_valid_ipv4_address(req->address) ||
 -              string_is_valid_ipv6_address(req->address)) {
 -
 log_unsafe_socks_warning(5,req->address,req->port,safe_socks);
 -
 -            if (safe_socks) {
 -              socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED);
 -              return -1;
 -            }
 -          } else if (!string_is_valid_hostname(req->address)) {
 +          if (!string_is_valid_hostname(req->address)) {
              socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);

              log_warn(LD_PROTOCOL,
 }}}
 plus fixing the unit tests.

 As a bonus (in a different commit hopefully), we could go down to the
 socks4 parsing section, where we do
 {{{
       if (!tor_strisprint(req->address) || strchr(req->address,'\"')) {
 }}}
 and replace that with a call to string_is_valid_hostname() so we match up
 with the socks5 behavior.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22461#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list