nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-28 06:13:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

hs-v2: Disable SOCKS connection for v2 addresses

Browse Source 
This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.

Part of #40476

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2021-09-30 10:26:37 -04:00
parent adcb094cb6
commit ed4d6a0030
1 changed files with 4 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/core/or/connection_edge.c
View File

@ -1636,12 +1636,12 @@ consider_plaintext_ports(entry_connection_t *conn, uint16_t port)
* The possible recognized forms are (where true is returned): * The possible recognized forms are (where true is returned):
* *
* If address is of the form "y.onion" with a well-formed handle y: * If address is of the form "y.onion" with a well-formed handle y:
* Put a NUL after y, lower-case it, and return ONION_V2_HOSTNAME or * Put a NUL after y, lower-case it, and return ONION_V3_HOSTNAME
* ONION_V3_HOSTNAME depending on the HS version. * depending on the HS version.
* *
* If address is of the form "x.y.onion" with a well-formed handle x: * If address is of the form "x.y.onion" with a well-formed handle x:
* Drop "x.", put a NUL after y, lower-case it, and return * Drop "x.", put a NUL after y, lower-case it, and return
* ONION_V2_HOSTNAME or ONION_V3_HOSTNAME depending on the HS version. * ONION_V3_HOSTNAME depending on the HS version.
* *
* If address is of the form "y.onion" with a badly-formed handle y: * If address is of the form "y.onion" with a badly-formed handle y:
* Return BAD_HOSTNAME and log a message. * Return BAD_HOSTNAME and log a message.
@ -1691,14 +1691,6 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
if (q != address) { if (q != address) {
memmove(address, q, strlen(q) + 1 /* also get \0 */); memmove(address, q, strlen(q) + 1 /* also get \0 */);
} }
/* v2 onion address check. */
if (strlen(query) == REND_SERVICE_ID_LEN_BASE32) {
*type_out = ONION_V2_HOSTNAME;
if (rend_valid_v2_service_id(query)) {
goto success;
}
goto failed;
}
/* v3 onion address check. */ /* v3 onion address check. */
if (strlen(query) == HS_SERVICE_ADDR_LEN_BASE32) { if (strlen(query) == HS_SERVICE_ADDR_LEN_BASE32) {
@ -1718,8 +1710,7 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
failed: failed:
/* otherwise, return to previous state and return 0 */ /* otherwise, return to previous state and return 0 */
*s = '.'; *s = '.';
const bool is_onion = (*type_out == ONION_V2_HOSTNAME) || const bool is_onion = (*type_out == ONION_V3_HOSTNAME);
(*type_out == ONION_V3_HOSTNAME);
log_warn(LD_APP, "Invalid %shostname %s; rejecting", log_warn(LD_APP, "Invalid %shostname %s; rejecting",
is_onion ? "onion " : "", is_onion ? "onion " : "",
safe_str_client(address)); safe_str_client(address));