Respond meaningfully to HTTP requests on the control port. Fix #1667
(Squashed with bufferevents portions removed, by nickm)
parent
884c0ffe3b
commit
417d778652
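--- a/changes/bug1667
+++ b/changes/bug1667
@@ -0,0 +1,4 @@
+o Minor features:
+- If the control port is used as the HTTP proxy, responds with
+a meaningful "This is the Tor control port" message, and logs
+the event. Fixes bug 1667.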
@ -2022,6 +2022,31 @@ parse_socks_client(const uint8_t *data, size_t datalen,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Return true if <b>cmd</b> looks like a HTTP (proxy) request. */
|
||||||
|
int
|
||||||
|
peek_buf_has_http_command(buf_t *buf)
|
||||||
|
{
|
||||||
|
if (peek_buf_startswith(buf, "CONNECT ") ||
|
||||||
|
peek_buf_startswith(buf, "DELETE ") ||
|
||||||
|
peek_buf_startswith(buf, "GET ") ||
|
||||||
|
peek_buf_startswith(buf, "POST ") ||
|
||||||
|
peek_buf_startswith(buf, "PUT " ))
|
||||||
|
return 1;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Return 1 iff <b>buf</b> starts with <b>cmd</b>. <b>cmd</b> must be a null
|
||||||
|
* terminated string */
|
||||||
|
int
|
||||||
|
peek_buf_startswith(buf_t *buf, const char *cmd)
|
||||||
|
{
|
||||||
|
int clen = strlen(cmd);
|
||||||
|
if (buf->datalen >= clen)
|
||||||
|
if (!strncasecmp((buf->head)->data, cmd, (size_t) clen))
|
||||||
|
return 1;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/** Return 1 iff buf looks more like it has an (obsolete) v0 controller
|
/** Return 1 iff buf looks more like it has an (obsolete) v0 controller
|
||||||
* command on it than any valid v1 controller command. */
|
* command on it than any valid v1 controller command. */
|
||||||
int
|
int
|
||||||
|
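Review bot: `peek_buf_startswith` checks `buf->datalen >= clen` but then reads only `(buf->head)->data`, so if buf_t keeps its bytes in a chain of chunks (as `head` suggests; the struct is not shown here) the first chunk may hold fewer than `clen` valid bytes and `strncasecmp` would compare whatever follows them. I would also bound the test by the first chunk, for example `if (!buf->head || buf->head->datalen < clen) return 0;` assuming each chunk records its own length, or copy the prefix into a small local array with a chunk-aware peek helper before comparing. `int clen = strlen(cmd);` narrows a size_t and is then compared with `buf->datalen`, whose type is not visible here; `size_t clen = strlen(cmd);` avoids the conversion and the later cast. The doc comment on `peek_buf_has_http_command` names `<b>cmd</b>` although the parameter is `buf`.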
@ -53,6 +53,8 @@ int fetch_from_buf_socks_client(buf_t *buf, int state, char **reason);
|
|||||||
int fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len);
|
int fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len);
|
||||||
|
|
||||||
int peek_buf_has_control0_command(buf_t *buf);
|
int peek_buf_has_control0_command(buf_t *buf);
|
||||||
|
int peek_buf_startswith(buf_t *buf, const char *cmd);
|
||||||
|
int peek_buf_has_http_command(buf_t *buf);
|
||||||
|
|
||||||
int fetch_ext_or_command_from_buf(buf_t *buf, ext_or_cmd_t **out);
|
int fetch_ext_or_command_from_buf(buf_t *buf, ext_or_cmd_t **out);
|
||||||
|
|
||||||
|
@ -4882,6 +4882,12 @@ peek_connection_has_control0_command(connection_t *conn)
|
|||||||
return peek_buf_has_control0_command(conn->inbuf);
|
return peek_buf_has_control0_command(conn->inbuf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
peek_connection_has_http_command(connection_t *conn)
|
||||||
|
{
|
||||||
|
return peek_buf_has_http_command(conn->inbuf);
|
||||||
|
}
|
||||||
|
|
||||||
/** Called when data has arrived on a v1 control connection: Try to fetch
|
/** Called when data has arrived on a v1 control connection: Try to fetch
|
||||||
* commands from conn->inbuf, and execute them.
|
* commands from conn->inbuf, and execute them.
|
||||||
*/
|
*/
|
||||||
@ -4921,6 +4927,38 @@ connection_control_process_inbuf(control_connection_t *conn)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If the user has the HTTP proxy port and the control port confused. */
|
||||||
|
if (conn->_base.state == CONTROL_CONN_STATE_NEEDAUTH &&
|
||||||
|
peek_connection_has_http_command(TO_CONN(conn))) {
|
||||||
|
connection_write_str_to_buf("HTTP/1.0 501 Tor ControlPort is not a proxy"
|
||||||
|
"\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n"
|
||||||
|
"<html>\n"
|
||||||
|
"<head>\n"
|
||||||
|
"<title>Tor's ControlPort is not proxy</title>\n"
|
||||||
|
"</head>\n"
|
||||||
|
"<body>\n"
|
||||||
|
"<h1>Tor's ControlPort is not a proxy</h1>\n"
|
||||||
|
"<p>\n"
|
||||||
|
"It appears you have configured your web browser to use Tor's control port"
|
||||||
|
" as an HTTP proxy.\n"
|
||||||
|
"This is not correct: Tor's default SOCKS proxy port is 9050.\n"
|
||||||
|
"Please configure your client accordingly.\n"
|
||||||
|
"</p>\n"
|
||||||
|
"<p>\n"
|
||||||
|
"See <a href=\"https://www.torproject.org/documentation.html\">"
|
||||||
|
"https://www.torproject.org/documentation.html</a> for more "
|
||||||
|
"information.\n"
|
||||||
|
"<!-- Plus this comment, to make the body response more than 512 bytes, so "
|
||||||
|
" IE will be willing to display it. Comment comment comment comment "
|
||||||
|
" comment comment comment comment comment comment comment comment.-->\n"
|
||||||
|
"</p>\n"
|
||||||
|
"</body>\n"
|
||||||
|
"</html>\n", conn);
|
||||||
|
log_notice(LD_CONTROL, "Received HTTP request on ControlPort");
|
||||||
|
connection_mark_and_flush(TO_CONN(conn));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
again:
|
again:
|
||||||
while (1) {
|
while (1) {
|
||||||
size_t last_idx;
|
size_t last_idx;
|
||||||
|
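Review bot: The `log_notice(LD_CONTROL, "Received HTTP request on ControlPort")` call in the new NEEDAUTH branch runs before authentication and once per connection, so anything that can reach the control port can fill the notice log at will; I would send it through Tor's rate-limited logging (`log_fn_ratelim` with a static `ratelim_t`) or lower the severity. The branch relies on `peek_connection_has_http_command`, which recognises only CONNECT, DELETE, GET, POST and PUT, so HEAD or OPTIONS requests still reach the control parser; how the parser treats them is outside this hunk. The `<title>` string reads "is not proxy" while the `<h1>` reads "is not a proxy". connection_control_process_inbuf starts and ends outside the hunk.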