From fba01c3cc0613155f16d017d9d2be0950869b039 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Sat, 24 Sep 2005 21:56:04 +0000 Subject: [PATCH] bugfix: we were whining about using socks4 or socks5-with-local-lookup even when they used an IP in the "virtual" range we designed exactly for this case. svn:r5142 --- src/or/buffers.c | 7 +++++-- src/or/connection_edge.c | 3 +-- src/or/or.h | 3 ++- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/or/buffers.c b/src/or/buffers.c index c3863b2886..ccd5f48511 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -949,7 +949,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req) strlcpy(req->address,tmpbuf,sizeof(req->address)); req->port = ntohs(*(uint16_t*)(buf->cur+8)); buf_remove_from_front(buf, 10); - if (!have_warned_about_unsafe_socks) { + if (!address_is_in_virtual_range(req->address) && + !have_warned_about_unsafe_socks) { log_fn(LOG_WARN,"Your application (using socks5 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS", req->port); // have_warned_about_unsafe_socks = 1; // (for now, warn every time) } @@ -1019,7 +1020,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req) tor_assert(next < buf->cur+buf->datalen); startaddr = NULL; - if (socks4_prot != socks4a && !have_warned_about_unsafe_socks) { + if (socks4_prot != socks4a && + !address_is_in_virtual_range(tmpbuf) && + !have_warned_about_unsafe_socks) { log_fn(LOG_WARN,"Your application (using socks4 on port %d) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead.", req->port); // have_warned_about_unsafe_socks = 1; // (for now, warn every time) } diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 53861c514f..bf51b126fe 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -18,7 +18,6 @@ static addr_policy_t *socks_policy = NULL; static smartlist_t *redirect_exit_list = NULL; static int connection_ap_handshake_process_socks(connection_t *conn); -static int address_is_in_virtual_range(const char *addr); /** An AP stream has failed/finished. If it hasn't already sent back * a socks reply, send one now (based on endreason). Also set @@ -735,7 +734,7 @@ client_dns_set_addressmap(const char *address, uint32_t val, const char *exitnam * Return true iff addr is likely to have been returned by * client_dns_get_unused_address. **/ -static int +int address_is_in_virtual_range(const char *addr) { struct in_addr in; diff --git a/src/or/or.h b/src/or/or.h index 092def5aaa..4234765465 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -783,7 +783,7 @@ typedef struct { int num_unreachable_notifications; } routerinfo_t; -/** Contents of a single per-router entry in a network status object. +/** Contents of a single router entry in a network status object. */ typedef struct routerstatus_t { time_t published_on; /**< When was this router published? */ @@ -1599,6 +1599,7 @@ void addressmap_register(const char *address, char *new_address, time_t expires) int client_dns_incr_failures(const char *address); void client_dns_clear_failures(const char *address); void client_dns_set_addressmap(const char *address, uint32_t val, const char *exitname, int ttl); +int address_is_in_virtual_range(const char *addr); const char *addressmap_register_virtual_address(int type, char *new_address); void addressmap_get_mappings(smartlist_t *sl, time_t min_expires, time_t max_expires);