[tor-commits] [tor/master] Handle binary IPv6 addresses and bracketed strings in RESOLVE_PTR.

Fri Jan 17 13:51:32 UTC 2020

commit 4e4c4e72d74d66181bec537fc00a8af92be0a0af
Author: liberat <liberat at disroot.org>
Date:   Mon Nov 11 15:08:36 2019 +0000

    Handle binary IPv6 addresses and bracketed strings in RESOLVE_PTR.
    
    When a SOCKS5 client sends a RESOLVE_PTR request, it must include
    either an IPv4 or IPv6 address.  In the past this was required to be a
    binary address (address types 1 or 4), but since the refactoring of
    SOCKS5 support in Tor 0.3.5.1-alpha, strings (address type 3) are also
    allowed if they represent an IPv4 or IPv6 literal.
    
    However, when a binary IPv6 address is provided,
    parse_socks5_client_request converts it into a string enclosed in
    brackets.  This doesn't match what string_is_valid_ipv6_address
    expects, so this would fail with the error "socks5 received
    RESOLVE_PTR command with hostname type. Rejecting."
    
    By replacing string_is_valid_ipv4_address/string_is_valid_ipv6_address
    with tor_addr_parse, we accept strings both with and without brackets.
    This fixes the handling of binary addresses, and also improves
    symmetry with CONNECT and RESOLVE requests.
    
    Fixes bug 32315.
---
 changes/bug32315             | 4 ++++
 src/core/proto/proto_socks.c | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/changes/bug32315 b/changes/bug32315
new file mode 100644
index 000000000..9b48d8259
--- /dev/null
+++ b/changes/bug32315
@@ -0,0 +1,4 @@
+  o Major bugfixes (networking):
+    - Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
+      and accept strings as well as binary addresses. Fixes bug 32315;
+      bugfix on Tor 0.3.5.1-alpha.
diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
index 8b78ed44c..17f1fc0e5 100644
--- a/src/core/proto/proto_socks.c
+++ b/src/core/proto/proto_socks.c
@@ -615,6 +615,7 @@ process_socks5_client_request(socks_request_t *req,
                               int safe_socks)
 {
   socks_result_t res = SOCKS_RESULT_DONE;
+  tor_addr_t tmpaddr;
 
   if (req->command != SOCKS_COMMAND_CONNECT &&
       req->command != SOCKS_COMMAND_RESOLVE &&
@@ -625,11 +626,10 @@ process_socks5_client_request(socks_request_t *req,
   }
 
   if (req->command == SOCKS_COMMAND_RESOLVE_PTR &&
-      !string_is_valid_ipv4_address(req->address) &&
-      !string_is_valid_ipv6_address(req->address)) {
+      tor_addr_parse(&tmpaddr, req->address) < 0) {
     socks_request_set_socks5_error(req, SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED);
     log_warn(LD_APP, "socks5 received RESOLVE_PTR command with "
-                     "hostname type. Rejecting.");
+                     "a malformed address. Rejecting.");
 
     res = SOCKS_RESULT_INVALID;
     goto end;



