[tor-bugs] #3940 [Core Tor/Tor]: Allow MapAddress .exit even if AllowDotExit is 0
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Feb 18 03:13:48 UTC 2018
#3940: Allow MapAddress .exit even if AllowDotExit is 0
-----------------------------------+------------------------------------
Reporter: sjmurdoch | Owner: (none)
Type: defect | Status: reopened
Priority: High | Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor | Version: Tor: 0.2.2.32
Severity: Blocker | Resolution:
Keywords: regression tor-client | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------------------
Comment (by fuzzyTew):
Note that although the comment on the code I removed states it is
preventing .exit domains that have come from users, actually it is
preventing automapped mapaddresses. User-provided .exit domains are
blocked on line 1247 of src/or/connection_edge.c:
{{{
    /* Check for whether this is a .exit address. By default, those are
     * disallowed when they're coming straight from the client, but you're
     * allowed to have them in MapAddress commands and so forth. */
    if (!strcmpend(socks->address, ".exit")) {
      log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to "
               "security risks.");
      control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                  escaped(socks->address));
      out->end_reason = END_STREAM_REASON_TORPROTOCOL;
      out->should_close = 1;
      return;
    }
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3940#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
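
Added example, not part of fuzzyTew's comment or of Tor's source: a simplified C model of the policy the quoted code comment describes, where a .exit suffix is rejected when it arrives straight from the client but accepted when a MapAddress-style rewrite produced it. The map table, the relay nickname, the enum and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Suffix compare with the contract the quoted check relies on:
 * returns 0 when s ends with suffix. Case-sensitive, so this model
 * assumes the hostname was lowercased by the caller. */
static int ends_with_cmp(const char *s, const char *suffix) {
  size_t n = strlen(s), m = strlen(suffix);
  if (m > n) return strcmp(s, suffix);
  return strncmp(s + n - m, suffix, m);
}

/* Constructed stand-in for operator-supplied MapAddress entries. */
struct map_entry { const char *from; const char *to; };
static const struct map_entry addr_map[] = {
  { "www.example.com", "www.example.com.relaynick.exit" },
};

enum verdict { REJECT_CLIENT_DOTEXIT, ALLOW_MAPPED_DOTEXIT, ALLOW_PLAIN };

/* Test the raw client address before any rewriting, so the only .exit
 * that can reach circuit selection is one the local mapping produced. */
enum verdict classify_request(const char *client_addr, const char **final_addr) {
  *final_addr = client_addr;
  if (!ends_with_cmp(client_addr, ".exit"))
    return REJECT_CLIENT_DOTEXIT;
  for (size_t i = 0; i < sizeof(addr_map) / sizeof(addr_map[0]); i++) {
    if (!strcmp(client_addr, addr_map[i].from)) {
      *final_addr = addr_map[i].to;
      break;
    }
  }
  return ends_with_cmp(*final_addr, ".exit") ? ALLOW_PLAIN
                                             : ALLOW_MAPPED_DOTEXIT;
}

int main(void) {
  static const char *names[] = { "reject (client .exit)",
                                 "allow (mapped .exit)", "allow (plain)" };
  const char *samples[] = { "www.example.com",
                            "www.example.com.relaynick.exit",
                            "foo.exit.example.org", ".exit" };
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    const char *out;
    enum verdict v = classify_request(samples[i], &out);
    printf("%-32s -> %-32s %s\n", samples[i], out, names[v]);
  }
  return 0;
}
```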