From d8195e41286c61fcf0b75ad86804f05932d77b8a Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Sun, 19 Mar 2006 01:44:53 +0000 Subject: [PATCH] Implement Jason Holt's SafeSocks config option. Also put a URL in the warning message for unsafe socks4 use -- previously we'd only had the URL for unsafe socks5 use. Oops. svn:r6190 --- src/or/buffers.c | 17 ++++++++++++++--- src/or/config.c | 1 + src/or/or.h | 5 ++++- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/src/or/buffers.c b/src/or/buffers.c index f07dc7d233..456b1e1b7b 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -897,11 +897,14 @@ fetch_from_buf_http(buf_t *buf, * If log_sockstype is non-zero, then do a notice-level log of whether * the connection is possibly leaking DNS requests locally or not. * + * If safe_socks is true, then reject unsafe socks protocols. + * * If returning 0 or -1, req->address and req->port are * undefined. */ int -fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype) +fetch_from_buf_socks(buf_t *buf, socks_request_t *req, + int log_sockstype, int safe_socks) { unsigned char len; char tmpbuf[INET_NTOA_BUF_LEN]; @@ -984,8 +987,11 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype) "themselves may leak information. Consider using Socks4A " "(e.g. via privoxy or socat) instead. For more information, " "please see http://wiki.noreply.org/noreply/TheOnionRouter/" - "TorFAQ#SOCKSAndDNS", req->port); + "TorFAQ#SOCKSAndDNS.%s", req->port, + safe_socks ? " Rejecting." : ""); // have_warned_about_unsafe_socks = 1; // (for now, warn every time) + if (safe_socks) + return -1; } return 1; case 3: /* fqdn */ @@ -1075,8 +1081,13 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype) "Your application (using socks4 on port %d) is giving Tor " "only an IP address. Applications that do DNS resolves " "themselves may leak information. Consider using Socks4A " - "(e.g. via privoxy or socat) instead.", req->port); + "(e.g. via privoxy or socat) instead. For more information, " + "please see http://wiki.noreply.org/noreply/TheOnionRouter/" + "TorFAQ#SOCKSAndDNS.%s", req->port, + safe_socks ? " Rejecting." : ""); // have_warned_about_unsafe_socks = 1; // (for now, warn every time) + if (safe_socks) + return -1; } if (socks4_prot == socks4a) { if (next+1 == buf->cur+buf->datalen) { diff --git a/src/or/config.c b/src/or/config.c index 99b010e91c..e45684a0d9 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -218,6 +218,7 @@ static config_var_t _option_vars[] = { VAR("RunAsDaemon", BOOL, RunAsDaemon, "0"), VAR("RunTesting", BOOL, RunTesting, "0"), VAR("SafeLogging", BOOL, SafeLogging, "1"), + VAR("SafeSocks", BOOL, SafeSocks, "0"), VAR("ShutdownWaitLength", INTERVAL, ShutdownWaitLength, "30 seconds"), VAR("SocksListenAddress", LINELIST, SocksListenAddress, NULL), VAR("SocksPolicy", LINELIST, SocksPolicy, NULL), diff --git a/src/or/or.h b/src/or/or.h index 39d4072a4f..634e5ca3b2 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1379,6 +1379,8 @@ typedef struct { * long do we wait before exiting? */ int SafeLogging; /**< Boolean: are we allowed to log sensitive strings * such as addresses (0), or do we scrub them first (1)? */ + int SafeSocks; /**< Boolean: should we outright refuse application + * connections that use socks4 or socks5-with-local-dns? */ #define LOG_PROTOCOL_WARN (get_options()->ProtocolWarnings ? \ LOG_WARN : LOG_INFO) int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor @@ -1471,7 +1473,8 @@ int fetch_from_buf_http(buf_t *buf, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete); -int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype); +int fetch_from_buf_socks(buf_t *buf, socks_request_t *req, + int log_sockstype, int safe_socks); int fetch_from_buf_control0(buf_t *buf, uint32_t *len_out, uint16_t *type_out, char **body_out, int check_for_v1); int fetch_from_buf_line(buf_t *buf, char *data_out, size_t *data_len);