nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 06:13:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote branch 'origin/maint-0.2.2'

Browse Source 
Conflicts:
	src/or/buffers.c
This commit is contained in:
Nick Mathewson 2010-11-15 15:37:23 -05:00
commit 9399b885cd
2 changed files with 41 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changes/bug2000 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes:
- Rate-limit the "your application is giving Tor only an IP address"
warning. Fixes bug 2000; bugfix on 0.0.8pre2.

73
src/or/buffers.c
View File

@ -1438,6 +1438,39 @@ fetch_from_evbuffer_http(struct evbuffer *buf,
} }
#endif #endif
/**
* Wait this many seconds before warning the user about using SOCKS unsafely
* again (requires that WarnUnsafeSocks is turned on). */
#define SOCKS_WARN_INTERVAL 5
/** Warn that the user application has made an unsafe socks request using
* protocol <b>socks_protocol</b> on port <b>port</b>. Don't warn more than
* once per SOCKS_WARN_INTERVAL, unless <b>safe_socks</b> is set. */
static void
log_unsafe_socks_warning(int socks_protocol, uint16_t port, int safe_socks)
{
static ratelim_t socks_ratelim = RATELIM_INIT(SOCKS_WARN_INTERVAL);
or_options_t *options = get_options();
char *m = NULL;
if (! options->WarnUnsafeSocks)
return;
if (safe_socks || (m = rate_limit_log(&socks_ratelim, approx_time()))) {
log_warn(LD_APP,
"Your application (using socks%d to port %d) is giving "
"Tor only an IP address. Applications that do DNS resolves "
"themselves may leak information. Consider using Socks4A "
"(e.g. via privoxy or socat) instead. For more information, "
"please see https://wiki.torproject.org/TheOnionRouter/"
"TorFAQ#SOCKSAndDNS.%s%s",
socks_protocol,
(int)port,
safe_socks ? " Rejecting." : "",
m ? m : "");
tor_free(m);
}
}
/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
* of the forms * of the forms
* - socks4: "socksheader username\\0" * - socks4: "socksheader username\\0"
@ -1598,10 +1631,6 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
char *next, *startaddr; char *next, *startaddr;
struct in_addr in; struct in_addr in;
/* If the user connects with socks4 or the wrong variant of socks5,
* then log a warning to let him know that it might be unwise. */
static int have_warned_about_unsafe_socks = 0;
socksver = *data; socksver = *data;
switch (socksver) { /* which version of socks? */ switch (socksver) { /* which version of socks? */
@ -1679,23 +1708,11 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
req->port = ntohs(get_uint16(data+4+addrlen)); req->port = ntohs(get_uint16(data+4+addrlen));
*drain_out = 6+addrlen; *drain_out = 6+addrlen;
if (req->command != SOCKS_COMMAND_RESOLVE_PTR && if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
!addressmap_have_mapping(req->address,0) && !addressmap_have_mapping(req->address,0)) {
!have_warned_about_unsafe_socks) { log_unsafe_socks_warning(5, req->port, safe_socks);
if (get_options()->WarnUnsafeSocks) {
log_warn(LD_APP,
"Your application (using socks5 to port %d) is giving "
"Tor only an IP address. Applications that do DNS resolves "
"themselves may leak information. Consider using Socks4A "
"(e.g. via privoxy or socat) instead. For more information, "
"please see https://wiki.torproject.org/TheOnionRouter/"
"TorFAQ#SOCKSAndDNS.%s", req->port,
safe_socks ? " Rejecting." : "");
/*have_warned_about_unsafe_socks = 1;*/
/*(for now, warn every time)*/
control_event_client_status(LOG_WARN, control_event_client_status(LOG_WARN,
"DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d", "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d",
req->address, req->port); req->address, req->port);
}
if (safe_socks) if (safe_socks)
return -1; return -1;
} }
@ -1798,23 +1815,9 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
startaddr = NULL; startaddr = NULL;
if (socks4_prot != socks4a && if (socks4_prot != socks4a &&
!addressmap_have_mapping(tmpbuf,0) && !addressmap_have_mapping(tmpbuf,0)) {
!have_warned_about_unsafe_socks) { log_unsafe_socks_warning(4, req->port, safe_socks);
if (get_options()->WarnUnsafeSocks) {
log_warn(LD_APP,
"Your application (using socks4 to port %d) is giving Tor "
"only an IP address. Applications that do DNS resolves "
"themselves may leak information. Consider using Socks4A "
"(e.g. via privoxy or socat) instead. For more information, "
"please see https://wiki.torproject.org/TheOnionRouter/"
"TorFAQ#SOCKSAndDNS.%s", req->port,
safe_socks ? " Rejecting." : "");
/*have_warned_about_unsafe_socks = 1;*/
/*(for now, warn every time)*/
control_event_client_status(LOG_WARN,
"DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d",
tmpbuf, req->port);
}
if (safe_socks) if (safe_socks)
return -1; return -1;
} }