nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 04:13:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4a

Browse Source 
The logic was inverted. Introduced in commit
9155e08450.

This was reported through our bug bounty program on H1. It fixes the
TROVE-2022-002.

Fixes #40730

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2022-12-12 10:02:07 -05:00
parent b117ce48db
commit a282145b36
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/ticket40730 Normal file
View File

@ -0,0 +1,5 @@
o Major bugfixes (TROVE-2022-002, client):
- The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It
would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is
TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug
40730; bugfix on 0.3.5.1-alpha.

2
src/core/proto/proto_socks.c
View File

@ -233,7 +233,7 @@ static socks_result_t
process_socks4_request(const socks_request_t *req, int is_socks4a, process_socks4_request(const socks_request_t *req, int is_socks4a,
int log_sockstype, int safe_socks) int log_sockstype, int safe_socks)
{ {
if (is_socks4a && !addressmap_have_mapping(req->address, 0)) { if (!is_socks4a && !addressmap_have_mapping(req->address, 0)) {
log_unsafe_socks_warning(4, req->address, req->port, safe_socks); log_unsafe_socks_warning(4, req->address, req->port, safe_socks);
if (safe_socks) if (safe_socks)