tor/changes/ticket40730
David Goulet a282145b36 socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4a
The logic was inverted. Introduced in commit
9155e08450.

This was reported through our bug bounty program on H1. It fixes the
TROVE-2022-002.

Fixes #40730

Signed-off-by: David Goulet <dgoulet@torproject.org>
2022-12-12 10:02:07 -05:00


  o Major bugfixes (TROVE-2022-002, client):
    - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It
      would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is
      TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug
      40730; bugfix on 0.3.5.1-alpha.
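
The distinction this entry turns on, as an added example that is not Tor's code: plain SOCKS4 carries an IP address the client already resolved, while SOCKS4a carries a hostname for the proxy to resolve, so a SafeSocks-style check should refuse the first and accept the second. The function and enum names are hypothetical and the request bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not Tor's source; all names are hypothetical. */
enum socks4_kind { SOCKS4_MALFORMED, SOCKS4_PLAIN_IP, SOCKS4A_HOSTNAME };

/* Request layout: VN(1)=4 CD(1) DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL].
 * SOCKS4a sets DSTIP to 0.0.0.x (x != 0) and appends the hostname, so the
 * proxy resolves it; plain SOCKS4 carries an IP the client resolved itself. */
enum socks4_kind classify_socks4(const uint8_t *buf, size_t len)
{
    if (len < 9 || buf[0] != 4)
        return SOCKS4_MALFORMED;
    const uint8_t *end = buf + len;
    const uint8_t *uid_nul = memchr(buf + 8, 0, len - 8);
    if (!uid_nul)
        return SOCKS4_MALFORMED;
    if (!(buf[4] == 0 && buf[5] == 0 && buf[6] == 0 && buf[7] != 0))
        return SOCKS4_PLAIN_IP;
    const uint8_t *host = uid_nul + 1;
    if (host >= end || *host == 0 || !memchr(host, 0, (size_t)(end - host)))
        return SOCKS4_MALFORMED;   /* 4a marker but no terminated hostname */
    return SOCKS4A_HOSTNAME;
}

/* Returns 1 to accept, 0 to refuse. With safe_socks set, only the
 * hostname-carrying SOCKS4a form is accepted. */
int safe_socks_allows(enum socks4_kind kind, int safe_socks)
{
    if (kind == SOCKS4_MALFORMED)
        return 0;
    return !(safe_socks && kind == SOCKS4_PLAIN_IP);
}

/* Constructed sample requests (CONNECT, port 80, empty USERID). */
static const uint8_t REQ_SOCKS4[]  = { 4, 1, 0, 80, 192, 0, 2, 1, 0 };
static const uint8_t REQ_SOCKS4A[] = { 4, 1, 0, 80, 0, 0, 0, 1, 0,
                                       'e', 'x', 'a', 'm', 'p', 'l', 'e', 0 };

int main(void)
{
    printf("SOCKS4  accepted: %d\n", safe_socks_allows(
        classify_socks4(REQ_SOCKS4, sizeof REQ_SOCKS4), 1));
    printf("SOCKS4a accepted: %d\n", safe_socks_allows(
        classify_socks4(REQ_SOCKS4A, sizeof REQ_SOCKS4A), 1));
    return 0;
}
```

A regression test for this kind of bug should assert both directions (SOCKS4 refused, SOCKS4a accepted), since an inverted condition passes any test that checks only one of them.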