If the socks handshake hasn't started, don't send a

"DNS resolve socks failed" handshake reply; just close it. svn:r9437
2024-09-20 04:56:21 +02:00 · 2007-01-27 18:56:13 +00:00 · 2007-01-27 18:56:13 +00:00 · 283c61e5d5
commit 283c61e5d5
parent baeeadb6eb
2 changed files with 9 additions and 3 deletions
--- a/2
+++ b/2
@ -36,6 +36,8 @@ Changes in version 0.1.2.7-alpha - 2007-??-??
    - Expire socks connections if they spend too long waiting for the
      handshake to finish. Previously we would let them sit around for
      days, if the connecting application didn't close them either.
+    - And if the socks handshake hasn't started, don't send a
+      "DNS resolve socks failed" handshake reply; just close it.
    - Stop using C functions that OpenBSD's linker doesn't like.
    - Detect and reject DNS replies containing IPv4 or IPv6 records with
      an incorrect number of bytes. (Previously, we would ignore the
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -380,8 +380,9 @@ connection_ap_expire_beginning(void)
          if (conn->_base.state == AP_CONN_STATE_SOCKS_WAIT) {
            /* extra debugging */
            log_fn(severity, LD_APP,
-                   "Hints: inbuf len %lu, socks: version %d, command %d, "
-                   "has_finished %d, address %s, port %d.",
+                   "Hints: is_reading %d, inbuf len %lu, socks: version %d, "
+                   "command %d, has_finished %d, address %s, port %d.",
+                   connection_is_reading(TO_CONN(conn)),
                   (unsigned long)buf_datalen(conn->_base.inbuf),
                   (int)conn->socks_request->socks_version,
                   conn->socks_request->command,
@ -1958,7 +1959,7 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
      memset(buf+2, 0, 6);
      replylen = SOCKS4_NETWORK_LEN;
    }
-  } else {
+  } else if (conn->socks_request->socks_version == 5) {
    /* SOCKS5 */
    buf[0] = 0x05; /* version */
    if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
@ -1988,6 +1989,9 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
      memset(buf+2, 0, 8);
      replylen = 10;
    }
+  } else {
+    /* no socks version info; don't send anything back */
+    return;
  }
  connection_ap_handshake_socks_reply(conn, buf, replylen,
          (answer_type == RESOLVED_TYPE_IPV4 ||