nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

If the socks handshake hasn't started, don't send a

Browse Source 
"DNS resolve socks failed" handshake reply; just close it.


svn:r9437
This commit is contained in:
Roger Dingledine 2007-01-27 18:56:13 +00:00
parent baeeadb6eb
commit 283c61e5d5
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -36,6 +36,8 @@ Changes in version 0.1.2.7-alpha - 2007-??-??
- Expire socks connections if they spend too long waiting for the - Expire socks connections if they spend too long waiting for the
handshake to finish. Previously we would let them sit around for handshake to finish. Previously we would let them sit around for
days, if the connecting application didn't close them either. days, if the connecting application didn't close them either.
- And if the socks handshake hasn't started, don't send a
"DNS resolve socks failed" handshake reply; just close it.
- Stop using C functions that OpenBSD's linker doesn't like. - Stop using C functions that OpenBSD's linker doesn't like.
- Detect and reject DNS replies containing IPv4 or IPv6 records with - Detect and reject DNS replies containing IPv4 or IPv6 records with
an incorrect number of bytes. (Previously, we would ignore the an incorrect number of bytes. (Previously, we would ignore the

10
src/or/connection_edge.c
View File

@ -380,8 +380,9 @@ connection_ap_expire_beginning(void)
if (conn->_base.state == AP_CONN_STATE_SOCKS_WAIT) { if (conn->_base.state == AP_CONN_STATE_SOCKS_WAIT) {
/* extra debugging */ /* extra debugging */
log_fn(severity, LD_APP, log_fn(severity, LD_APP,
"Hints: inbuf len %lu, socks: version %d, command %d, " "Hints: is_reading %d, inbuf len %lu, socks: version %d, "
"has_finished %d, address %s, port %d.", "command %d, has_finished %d, address %s, port %d.",
connection_is_reading(TO_CONN(conn)),
(unsigned long)buf_datalen(conn->_base.inbuf), (unsigned long)buf_datalen(conn->_base.inbuf),
(int)conn->socks_request->socks_version, (int)conn->socks_request->socks_version,
conn->socks_request->command, conn->socks_request->command,
@ -1958,7 +1959,7 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
memset(buf+2, 0, 6); memset(buf+2, 0, 6);
replylen = SOCKS4_NETWORK_LEN; replylen = SOCKS4_NETWORK_LEN;
} }
} else { } else if (conn->socks_request->socks_version == 5) {
/* SOCKS5 */ /* SOCKS5 */
buf[0] = 0x05; /* version */ buf[0] = 0x05; /* version */
if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) { if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
@ -1988,6 +1989,9 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
memset(buf+2, 0, 8); memset(buf+2, 0, 8);
replylen = 10; replylen = 10;
} }
} else {
/* no socks version info; don't send anything back */
return;
} }
connection_ap_handshake_socks_reply(conn, buf, replylen, connection_ap_handshake_socks_reply(conn, buf, replylen,
(answer_type == RESOLVED_TYPE_IPV4 || (answer_type == RESOLVED_TYPE_IPV4 ||