client bug in 0.2.2.7-alpha and a new bad exit: exoassist

Wed Feb 3 18:53:45 UTC 2010

> Date: Sun, 31 Jan 2010 20:58:46 -0600
> From: bennett at cs.niu.edu
> To: or-talk at seul.org
> Subject: client bug in 0.2.2.7-alpha and a new bad exit:  exoassist

>      So it appears that a) there is a new tor client bug in 0.2.2.7-alpha that 
> leaves the "exoassist.exit" in the name passed along from its SOCKS listener
> to the destination port 

I understand better now. Here's the problem, also in 0.2.2.8-alpha:
  2926  parse_extended_hostname(char *address, int allowdotexit)
  2927  {
  2928      char *s;
  2929      char query[REND_SERVICE_ID_LEN_BASE32+1];
  2930
  2931      s = strrchr(address,'.');
  2932      if (!s)
  2933        return NORMAL_HOSTNAME; /* no dot, thus normal */
  2934      if (!strcmp(s+1,"exit")) {
  2935        if (allowdotexit) {
  2936          *s = 0; /* NUL-terminate it */
  2937          return EXIT_HOSTNAME; /* .exit */
  2938        } /* else */
  2939        log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to "
  2940                 "security risks. Set AllowDotExit in your torrc to enable it.");
  2941        /* FFFF send a controller event too to notify Vidalia users */
  2942      }
  2943      if (strcmp(s+1,"onion"))
  2944        'return NORMAL_HOSTNAME; /* neither .exit nor .onion, thus normal */

There's no 'return BAD_HOSTNAME' after the 'log_warn', so it's falling through to 'return NORMAL_HOSTNAME' and also not null-teminating the string.
GD

_________________________________________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
http://clk.atdmt.com/GBL/go/201469229/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100203/bb965f3d/attachment.htm>