mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
a282145b36
The logic was inverted. Introduced in commit
9155e08450
.
This was reported through our bug bounty program on H1. It fixes the
TROVE-2022-002.
Fixes #40730
Signed-off-by: David Goulet <dgoulet@torproject.org>
6 lines
313 B
Plaintext
6 lines
313 B
Plaintext
o Major bugfixes (TROVE-2022-002, client):
|
|
- The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It
|
|
would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is
|
|
TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug
|
|
40730; bugfix on 0.3.5.1-alpha.
|