[tor-bugs] #31466 [Core Tor/Tor]: Consider demoting ".exit is disabled" log message to info

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 20 08:40:23 UTC 2019


#31466: Consider demoting ".exit is disabled" log message to info
--------------------------+------------------------------------------------
     Reporter:  asn       |      Owner:  (none)
         Type:  defect    |     Status:  new
     Priority:  Medium    |  Milestone:  Tor: 0.4.2.x-final
    Component:  Core      |    Version:
  Tor/Tor                 |
     Severity:  Normal    |   Keywords:  bug-bounty hackerone tor-security?
Actual Points:            |  Parent ID:
       Points:            |   Reviewer:
      Sponsor:            |
--------------------------+------------------------------------------------
 {{{
   /* Check for whether this is a .exit address.  By default, those are
    * disallowed when they're coming straight from the client, but you're
    * allowed to have them in MapAddress commands and so forth. */
   if (!strcmpend(socks->address, ".exit")) {
     log_warn(LD_APP, "The  \".exit\" notation is disabled in Tor due to "
              "security risks.");
     control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                 escaped(socks->address));
     out->end_reason = END_STREAM_REASON_TORPROTOCOL;
     out->should_close = 1;
     return;
   }
 }}}

 The above log message can be remotely triggered by websites and some
 people consider this a security issue:
 https://github.com/brave/brave-browser/issues/4629

 This has also been reported to our h1 bug bounty program.

 We should consider fixing this one particular instance, but I bet there is
 more of this lying around.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31466>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
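
The trade-off raised in the ticket, as an added example that is not Tor's code and not part of the ticket: a self-contained C model of the check with the message severity as a parameter, run over constructed hostnames. `strcmpend_model`, `struct logsink`, `check_exit_address` and `run_sample` are hypothetical names, and the log is assumed to keep messages at notice level and above.

```c
/* Added example, not Tor source; all names and hostnames here are constructed. */
#include <stdio.h>
#include <string.h>

enum sev { SEV_INFO, SEV_NOTICE, SEV_WARN };
static const char *const SEV_NAME[] = { "info", "notice", "warn" };

/* Same contract as the strcmpend() call in the ticket: 0 on suffix match. */
static int strcmpend_model(const char *s, const char *suffix)
{
    size_t ls = strlen(s), lx = strlen(suffix);
    return lx > ls ? strcmp(s, suffix) : strncmp(s + (ls - lx), suffix, lx);
}

struct logsink { enum sev min; int emitted; }; /* hypothetical sink: counts lines >= min */
static void sink_log(struct logsink *l, enum sev s, const char *msg)
{
    if (s < l->min) return;
    l->emitted++;
    printf("[%s] %s\n", SEV_NAME[s], msg);
}

/* Returns 1 when the address is refused. The refusal is unconditional;
 * only the severity of the message is a parameter. */
static int check_exit_address(struct logsink *l, const char *addr, enum sev s)
{
    if (strcmpend_model(addr, ".exit") != 0) return 0;
    sink_log(l, s, "The \".exit\" notation is disabled in Tor due to security risks.");
    return 1;
}

/* Feeds constructed SOCKS hostnames through the check with a notice-level
 * log; returns how many were refused, stores how many lines were logged. */
static int run_sample(enum sev s, int *lines_out)
{
    static const char *const hosts[] = {
        "example.com", "a.exit", "b.example.exit", "exit.example.org", ".exit" };
    struct logsink l = { SEV_NOTICE, 0 };
    int refused = 0;
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        refused += check_exit_address(&l, hosts[i], s);
    *lines_out = l.emitted;
    return refused;
}

int main(void)
{
    int w, i, rw = run_sample(SEV_WARN, &w), ri = run_sample(SEV_INFO, &i);
    printf("warn: refused=%d logged=%d\ninfo: refused=%d logged=%d\n", rw, w, ri, i);
    return 0;
}
```

Demoting the message changes only what reaches the log: the same three addresses are refused in both runs.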

