[or-cvs] bugfix: we were whining about using socks4 or socks5-with-l...

arma at seul.org arma at seul.org
Sat Sep 24 21:56:07 UTC 2005


Update of /home2/or/cvsroot/tor/src/or
In directory moria:/home/arma/work/onion/cvs/tor/src/or

Modified Files:
	buffers.c connection_edge.c or.h 
Log Message:
bugfix: we were whining about using socks4 or socks5-with-local-lookup
even when they used an IP in the "virtual" range we designed exactly
for this case.


Index: buffers.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/buffers.c,v
retrieving revision 1.169
retrieving revision 1.170
diff -u -d -r1.169 -r1.170
--- buffers.c	30 Aug 2005 07:01:30 -0000	1.169
+++ buffers.c	24 Sep 2005 21:56:04 -0000	1.170
@@ -949,7 +949,8 @@
           strlcpy(req->address,tmpbuf,sizeof(req->address));
           req->port = ntohs(*(uint16_t*)(buf->cur+8));
           buf_remove_from_front(buf, 10);
-          if (!have_warned_about_unsafe_socks) {
+          if (!address_is_in_virtual_range(req->address) &&
+              !have_warned_about_unsafe_socks) {
             log_fn(LOG_WARN,"Your application (using socks5 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.  For more information, please see http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS", req->port);
 //            have_warned_about_unsafe_socks = 1; // (for now, warn every time)
           }
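Review bot: The added `!address_is_in_virtual_range(req->address)` test suppresses the DNS-leak warning on range membership alone. The helper's doc comment in connection_edge.c only says the address is "likely" to have been returned by client_dns_get_unused_address, so an application that resolved a name itself and was handed an address in that range would presumably go unwarned. A comment above the condition would record the reasoning, e.g. `/* Don't warn for virtual-range addresses: Tor hands those out itself, so seeing one does not imply a local DNS resolve. */`. The same applies to the socks4 condition in the second buffers.c hunk. The enclosing function starts and ends outside this hunk.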
@@ -1019,7 +1020,9 @@
       tor_assert(next < buf->cur+buf->datalen);
 
       startaddr = NULL;
-      if (socks4_prot != socks4a && !have_warned_about_unsafe_socks) {
+      if (socks4_prot != socks4a &&
+          !address_is_in_virtual_range(tmpbuf) &&
+          !have_warned_about_unsafe_socks) {
         log_fn(LOG_WARN,"Your application (using socks4 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.", req->port);
 //      have_warned_about_unsafe_socks = 1; // (for now, warn every time)
       }
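Review bot: The socks4 condition tests `tmpbuf` while the socks5 condition tests `req->address`, and nothing visible in this hunk shows what `tmpbuf` holds at this point. If it is the dotted-quad form of the client-supplied destination, a short comment such as `/* tmpbuf holds the requested IP as a string */` above the condition would make the two call sites read alike. The enclosing function continues outside the hunk.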

Index: connection_edge.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/connection_edge.c,v
retrieving revision 1.350
retrieving revision 1.351
diff -u -d -r1.350 -r1.351
--- connection_edge.c	23 Sep 2005 19:56:34 -0000	1.350
+++ connection_edge.c	24 Sep 2005 21:56:04 -0000	1.351
@@ -18,7 +18,6 @@
 static smartlist_t *redirect_exit_list = NULL;
 
 static int connection_ap_handshake_process_socks(connection_t *conn);
-static int address_is_in_virtual_range(const char *addr);
 
 /** An AP stream has failed/finished. If it hasn't already sent back
  * a socks reply, send one now (based on endreason). Also set
@@ -735,7 +734,7 @@
  * Return true iff <b>addr</b> is likely to have been returned by
  * client_dns_get_unused_address.
  **/
-static int
+int
 address_is_in_virtual_range(const char *addr)
 {
   struct in_addr in;
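Review bot: With `static` dropped, address_is_in_virtual_range() is now the predicate buffers.c uses to decide whether to emit a privacy warning, but its doc comment does not say what it returns for a string that is not a valid IPv4 address. Suggest adding a line such as `Return 0 if addr cannot be parsed as a dotted-quad.`, once that is confirmed against the body, which lies outside this hunk.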

Index: or.h
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.695
retrieving revision 1.696
diff -u -d -r1.695 -r1.696
--- or.h	22 Sep 2005 06:34:29 -0000	1.695
+++ or.h	24 Sep 2005 21:56:04 -0000	1.696
@@ -783,7 +783,7 @@
   int num_unreachable_notifications;
 } routerinfo_t;
 
-/** Contents of a single per-router entry in a network status object.
+/** Contents of a single router entry in a network status object.
  */
 typedef struct routerstatus_t {
   time_t published_on; /**< When was this router published? */
@@ -1599,6 +1599,7 @@
 int client_dns_incr_failures(const char *address);
 void client_dns_clear_failures(const char *address);
 void client_dns_set_addressmap(const char *address, uint32_t val, const char *exitname, int ttl);
+int address_is_in_virtual_range(const char *addr);
 const char *addressmap_register_virtual_address(int type, char *new_address);
 void addressmap_get_mappings(smartlist_t *sl, time_t min_expires, time_t max_expires);
 


