bugfix: we were whining about using socks4 or socks5-with-local-lookup

even when they used an IP in the "virtual" range we designed exactly for this case. svn:r5142
2024-09-20 21:16:22 +02:00 · 2005-09-24 21:56:04 +00:00 · 2005-09-24 21:56:04 +00:00 · fba01c3cc0
commit fba01c3cc0
parent 3cc460c9f9
3 changed files with 8 additions and 5 deletions
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@ -949,7 +949,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
          strlcpy(req->address,tmpbuf,sizeof(req->address));
          req->port = ntohs(*(uint16_t*)(buf->cur+8));
          buf_remove_from_front(buf, 10);
-          if (!have_warned_about_unsafe_socks) {
+          if (!address_is_in_virtual_range(req->address) &&
+              !have_warned_about_unsafe_socks) {
            log_fn(LOG_WARN,"Your application (using socks5 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.  For more information, please see http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS", req->port);
 //            have_warned_about_unsafe_socks = 1; // (for now, warn every time)
          }
@ -1019,7 +1020,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
      tor_assert(next < buf->cur+buf->datalen);

      startaddr = NULL;
-      if (socks4_prot != socks4a && !have_warned_about_unsafe_socks) {
+      if (socks4_prot != socks4a &&
+          !address_is_in_virtual_range(tmpbuf) &&
+          !have_warned_about_unsafe_socks) {
        log_fn(LOG_WARN,"Your application (using socks4 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.", req->port);
 //      have_warned_about_unsafe_socks = 1; // (for now, warn every time)
      }
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -18,7 +18,6 @@ static addr_policy_t *socks_policy = NULL;
 static smartlist_t *redirect_exit_list = NULL;

 static int connection_ap_handshake_process_socks(connection_t *conn);
-static int address_is_in_virtual_range(const char *addr);

 /** An AP stream has failed/finished. If it hasn't already sent back
 * a socks reply, send one now (based on endreason). Also set
@ -735,7 +734,7 @@ client_dns_set_addressmap(const char *address, uint32_t val, const char *exitnam
 * Return true iff <b>addr</b> is likely to have been returned by
 * client_dns_get_unused_address.
 **/
-static int
+int
 address_is_in_virtual_range(const char *addr)
 {
  struct in_addr in;
--- a/src/or/or.h
+++ b/src/or/or.h
@ -783,7 +783,7 @@ typedef struct {
  int num_unreachable_notifications;
 } routerinfo_t;

-/** Contents of a single per-router entry in a network status object.
+/** Contents of a single router entry in a network status object.
 */
 typedef struct routerstatus_t {
  time_t published_on; /**< When was this router published? */
@ -1599,6 +1599,7 @@ void addressmap_register(const char *address, char *new_address, time_t expires)
 int client_dns_incr_failures(const char *address);
 void client_dns_clear_failures(const char *address);
 void client_dns_set_addressmap(const char *address, uint32_t val, const char *exitname, int ttl);
+int address_is_in_virtual_range(const char *addr);
 const char *addressmap_register_virtual_address(int type, char *new_address);
 void addressmap_get_mappings(smartlist_t *sl, time_t min_expires, time_t max_expires);