nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-13 06:33:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

warn if we use an unsafe socks variant

Browse Source 
for now, warn every time. we should decide how often we want to warn;
one problem here is that there are several scenarios where we use an
unsafe socks variant safely, so the warning may be inaccurate. hm.


svn:r2126
This commit is contained in:
Roger Dingledine 2004-08-03 23:42:33 +00:00
parent 849e998ac6
commit 8cb4124121
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/or/buffers.c
View File

@ -409,6 +409,10 @@ int fetch_from_buf_http(buf_t *buf,
return 1; return 1;
} }
/** If the user connects with socks4 or the wrong variant of socks5,
* then log one warning to let him know that it might be unwise. */
static int have_warned_about_unsafe_socks = 0;
/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
* of the forms * of the forms
* - socks4: "socksheader username\\0" * - socks4: "socksheader username\\0"
@ -480,6 +484,10 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) {
log_fn(LOG_DEBUG,"socks5: ipv4 address type"); log_fn(LOG_DEBUG,"socks5: ipv4 address type");
if(buf->datalen < 10) /* ip/port there? */ if(buf->datalen < 10) /* ip/port there? */
return 0; /* not yet */ return 0; /* not yet */
if(!have_warned_about_unsafe_socks) {
log_fn(LOG_WARN,"Your application is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.");
// have_warned_about_unsafe_socks = 1; // (for now, warn every time)
}
destip = ntohl(*(uint32_t*)(buf->mem+4)); destip = ntohl(*(uint32_t*)(buf->mem+4));
in.s_addr = htonl(destip); in.s_addr = htonl(destip);
tmpbuf = inet_ntoa(in); tmpbuf = inet_ntoa(in);
@ -556,6 +564,10 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) {
} }
startaddr = next+1; startaddr = next+1;
if(socks4_prot != socks4a && !have_warned_about_unsafe_socks) {
log_fn(LOG_WARN,"Your application is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.");
// have_warned_about_unsafe_socks = 1; // (for now, warn every time)
}
if(socks4_prot == socks4a) { if(socks4_prot == socks4a) {
next = memchr(startaddr, 0, buf->mem+buf->datalen-startaddr); next = memchr(startaddr, 0, buf->mem+buf->datalen-startaddr);
if(!next) { if(!next) {