bugfix: we were whining about using socks4 or socks5-with-local-lookup
even when they used an IP in the "virtual" range we designed exactly for this case. svn:r5142
parent
3cc460c9f9
commit
fba01c3cc0
@ -949,7 +949,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
|
||||
strlcpy(req->address,tmpbuf,sizeof(req->address));
|
||||
req->port = ntohs(*(uint16_t*)(buf->cur+8));
|
||||
buf_remove_from_front(buf, 10);
|
||||
if (!have_warned_about_unsafe_socks) {
|
||||
if (!address_is_in_virtual_range(req->address) &&
|
||||
!have_warned_about_unsafe_socks) {
|
||||
log_fn(LOG_WARN,"Your application (using socks5 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS", req->port);
|
||||
// have_warned_about_unsafe_socks = 1; // (for now, warn every time)
|
||||
}
|
||||
@ -1019,7 +1020,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req)
|
||||
tor_assert(next < buf->cur+buf->datalen);
|
||||
|
||||
startaddr = NULL;
|
||||
if (socks4_prot != socks4a && !have_warned_about_unsafe_socks) {
|
||||
if (socks4_prot != socks4a &&
|
||||
!address_is_in_virtual_range(tmpbuf) &&
|
||||
!have_warned_about_unsafe_socks) {
|
||||
log_fn(LOG_WARN,"Your application (using socks4 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.", req->port);
|
||||
// have_warned_about_unsafe_socks = 1; // (for now, warn every time)
|
||||
}
|
||||
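Review bot: The new `!address_is_in_virtual_range(...)` test suppresses a DNS-leak warning, and neither call site (the socks5 branch with `req->address`, the socks4 branch with `tmpbuf`) says why that is safe. A short comment above each condition would help, for example `/* Virtual-range addresses were handed out by Tor itself, so the application did no DNS resolve of its own. */`. That rationale is inferred from the commit message and should be confirmed before it is written down. The helper is also evaluated before `!have_warned_about_unsafe_socks`, so once the commented-out `have_warned_about_unsafe_socks = 1` is re-enabled, every request would still call it; testing the flag first avoids that. fetch_from_buf_socks starts and ends outside both hunks.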
|
@ -18,7 +18,6 @@ static addr_policy_t *socks_policy = NULL;
|
||||
static smartlist_t *redirect_exit_list = NULL;
|
||||
|
||||
static int connection_ap_handshake_process_socks(connection_t *conn);
|
||||
static int address_is_in_virtual_range(const char *addr);
|
||||
|
||||
/** An AP stream has failed/finished. If it hasn't already sent back
|
||||
* a socks reply, send one now (based on endreason). Also set
|
||||
@ -735,7 +734,7 @@ client_dns_set_addressmap(const char *address, uint32_t val, const char *exitnam
|
||||
* Return true iff <b>addr</b> is likely to have been returned by
|
||||
* client_dns_get_unused_address.
|
||||
**/
|
||||
static int
|
||||
int
|
||||
address_is_in_virtual_range(const char *addr)
|
||||
{
|
||||
struct in_addr in;
|
||||
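Review bot: Now that `address_is_in_virtual_range` is exported and decides whether a privacy warning is shown for a client-supplied string, its doc comment should spell out the contract rather than only "likely to have been returned by client_dns_get_unused_address". It should state what is returned when `addr` is a hostname or otherwise does not parse as an IPv4 address. It should also say that a true result apparently reflects a range test, not proof that Tor assigned that address. Both points are inferences, because only the `struct in_addr in;` declaration is visible and the body continues outside the hunk. A line such as `Return false if addr is not a dotted-quad IPv4 address.` would do, if it matches the implementation.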
|
@ -783,7 +783,7 @@ typedef struct {
|
||||
int num_unreachable_notifications;
|
||||
} routerinfo_t;
|
||||
|
||||
/** Contents of a single per-router entry in a network status object.
|
||||
/** Contents of a single router entry in a network status object.
|
||||
*/
|
||||
typedef struct routerstatus_t {
|
||||
time_t published_on; /**< When was this router published? */
|
||||
@ -1599,6 +1599,7 @@ void addressmap_register(const char *address, char *new_address, time_t expires)
|
||||
int client_dns_incr_failures(const char *address);
|
||||
void client_dns_clear_failures(const char *address);
|
||||
void client_dns_set_addressmap(const char *address, uint32_t val, const char *exitname, int ttl);
|
||||
int address_is_in_virtual_range(const char *addr);
|
||||
const char *addressmap_register_virtual_address(int type, char *new_address);
|
||||
void addressmap_get_mappings(smartlist_t *sl, time_t min_expires, time_t max_expires);
|
||||
|
||||
|