Allow IPv6 address strings to be used as hostnames in SOCKS5 requests

This commit is contained in:
rl1987 2018-02-11 15:22:41 +01:00 committed by Nick Mathewson
parent ddee28a3c9
commit 0e453929d2
4 changed files with 19 additions and 6 deletions

View File

@ -1071,6 +1071,17 @@ string_is_valid_ipv6_address(const char *string)
return (tor_inet_pton(AF_INET6,string,&addr) == 1); return (tor_inet_pton(AF_INET6,string,&addr) == 1);
} }
/** Return true iff <b>string</b> is a valid destination address,
* i.e. either a DNS hostname or IPv4/IPv6 address string.
*/
int
string_is_valid_dest(const char *string)
{
return string_is_valid_ipv4_address(string) ||
string_is_valid_ipv6_address(string) ||
string_is_valid_hostname(string);
}
/** Return true iff <b>string</b> matches a pattern of DNS names /** Return true iff <b>string</b> matches a pattern of DNS names
* that we allow Tor clients to connect to. * that we allow Tor clients to connect to.
* *

View File

@ -233,6 +233,7 @@ const char *find_str_at_start_of_line(const char *haystack,
const char *needle); const char *needle);
int string_is_C_identifier(const char *string); int string_is_C_identifier(const char *string);
int string_is_key_value(int severity, const char *string); int string_is_key_value(int severity, const char *string);
int string_is_valid_dest(const char *string);
int string_is_valid_hostname(const char *string); int string_is_valid_hostname(const char *string);
int string_is_valid_ipv4_address(const char *string); int string_is_valid_ipv4_address(const char *string);
int string_is_valid_ipv6_address(const char *string); int string_is_valid_ipv6_address(const char *string);

View File

@ -393,7 +393,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
req->port = ntohs(get_uint16(data+5+len)); req->port = ntohs(get_uint16(data+5+len));
*drain_out = 5+len+2; *drain_out = 5+len+2;
if (!string_is_valid_hostname(req->address)) { if (!string_is_valid_dest(req->address)) {
socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
log_warn(LD_PROTOCOL, log_warn(LD_PROTOCOL,
@ -518,7 +518,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
log_debug(LD_APP,"socks4: Everything is here. Success."); log_debug(LD_APP,"socks4: Everything is here. Success.");
strlcpy(req->address, startaddr ? startaddr : tmpbuf, strlcpy(req->address, startaddr ? startaddr : tmpbuf,
sizeof(req->address)); sizeof(req->address));
if (!string_is_valid_hostname(req->address)) { if (!string_is_valid_dest(req->address)) {
log_warn(LD_PROTOCOL, log_warn(LD_PROTOCOL,
"Your application (using socks4 to port %d) gave Tor " "Your application (using socks4 to port %d) gave Tor "
"a malformed hostname: %s. Rejecting the connection.", "a malformed hostname: %s. Rejecting the connection.",

View File

@ -347,17 +347,18 @@ test_socks_5_supported_commands(void *ptr)
socks_request_clear(socks); socks_request_clear(socks);
/* SOCKS 5 should NOT reject RESOLVE [F0] reject for IPv6 address /* SOCKS 5 should NOT reject RESOLVE [F0] request for IPv6 address
* string if SafeSocks is enabled. */ * string if SafeSocks is enabled. */
ADD_DATA(buf, "\x05\x01\x00"); ADD_DATA(buf, "\x05\x01\x00");
ADD_DATA(buf, "\x05\xF0\x00\x03\x27"); ADD_DATA(buf, "\x05\xF0\x00\x03\x29");
ADD_DATA(buf, "2001:0db8:85a3:0000:0000:8a2e:0370:7334"); ADD_DATA(buf, "[2001:0db8:85a3:0000:0000:8a2e:0370:7334]");
ADD_DATA(buf, "\x01\x02"); ADD_DATA(buf, "\x01\x02");
tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1), tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, 1),
OP_EQ, -1); OP_EQ, -1);
tt_str_op("2001:0db8:85a3:0000:0000:8a2e:0370:7334", OP_EQ, socks->address); tt_str_op("[2001:0db8:85a3:0000:0000:8a2e:0370:7334]", OP_EQ,
socks->address);
tt_int_op(258, OP_EQ, socks->port); tt_int_op(258, OP_EQ, socks->port);
tt_int_op(0, OP_EQ, buf_datalen(buf)); tt_int_op(0, OP_EQ, buf_datalen(buf));