nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-21 05:26:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Handle binary IPv6 addresses and bracketed strings in RESOLVE_PTR.

Browse Source 
When a SOCKS5 client sends a RESOLVE_PTR request, it must include
either an IPv4 or IPv6 address.  In the past this was required to be a
binary address (address types 1 or 4), but since the refactoring of
SOCKS5 support in Tor 0.3.5.1-alpha, strings (address type 3) are also
allowed if they represent an IPv4 or IPv6 literal.

However, when a binary IPv6 address is provided,
parse_socks5_client_request converts it into a string enclosed in
brackets.  This doesn't match what string_is_valid_ipv6_address
expects, so this would fail with the error "socks5 received
RESOLVE_PTR command with hostname type. Rejecting."

By replacing string_is_valid_ipv4_address/string_is_valid_ipv6_address
with tor_addr_parse, we accept strings both with and without brackets.
This fixes the handling of binary addresses, and also improves
symmetry with CONNECT and RESOLVE requests.

Fixes bug 32315.
This commit is contained in:
liberat 2019-11-11 15:08:36 +00:00
parent 1bde356bf6
commit 4e4c4e72d7
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug32315 Normal file
View File

@ -0,0 +1,4 @@
o Major bugfixes (networking):
- Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests,
and accept strings as well as binary addresses. Fixes bug 32315;
bugfix on Tor 0.3.5.1-alpha.

6
src/core/proto/proto_socks.c
View File

@ -615,6 +615,7 @@ process_socks5_client_request(socks_request_t *req,
int safe_socks)
{
socks_result_t res = SOCKS_RESULT_DONE;
tor_addr_t tmpaddr;
if (req->command != SOCKS_COMMAND_CONNECT &&
req->command != SOCKS_COMMAND_RESOLVE &&
@ -625,11 +626,10 @@ process_socks5_client_request(socks_request_t *req,
}
if (req->command == SOCKS_COMMAND_RESOLVE_PTR &&
!string_is_valid_ipv4_address(req->address) &&
!string_is_valid_ipv6_address(req->address)) {
tor_addr_parse(&tmpaddr, req->address) < 0) {
socks_request_set_socks5_error(req, SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED);
log_warn(LD_APP, "socks5 received RESOLVE_PTR command with "
"hostname type. Rejecting.");
"a malformed address. Rejecting.");
res = SOCKS_RESULT_INVALID;
goto end;