Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Don't reject SOCKS5 requests that contain IP strings

rl1987 7 years ago
parent
9e2f780923
commit
7f05f89663
3 changed files with 17 additions and 24 deletions
Split View Show Diff Stats
  1. 4 3
      changes/bug22461
  2. 1 7
      src/or/buffers.c
  3. 12 14
      src/test/test_socks.c

+ 4 - 3
changes/bug22461
View File 

@@ -1,4 +1,5 @@
 
   o Minor bugfixes:
 
-    - Refrain from needlessly warning Tor controller about passing
 
-      IP addresses as FQDNs through SOCKS5 interface. Fixes bug
 
-      22461, bugfix on Tor 0.2.6.2-alpha.
 
+    - Refrain from needlessly rejecting SOCKS5 requests that contain
 
+      IP address strings when SafeSocks in enabled as this prevents
 
+      user from connecting to IP address they know without relying on
 
+      DNS for resolving.  Fixes bug 22461, bugfix on Tor 0.2.6.2-alpha.

+ 1 - 7
src/or/buffers.c
View File 

@@ -1684,13 +1684,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
 
           req->port = ntohs(get_uint16(data+5+len));
 
           *drain_out = 5+len+2;
 
 
-          if (string_is_valid_ipv4_address(req->address) ||
 
-              string_is_valid_ipv6_address(req->address)) {
 
-            if (safe_socks) {
 
-              socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED);
 
-              return -1;
 
-            }
 
-          } else if (!string_is_valid_hostname(req->address)) {
 
+          if (!string_is_valid_hostname(req->address)) {
 
             socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR);
 
 
             log_warn(LD_PROTOCOL,

+ 12 - 14
src/test/test_socks.c
View File 

@@ -229,25 +229,24 @@ test_socks_5_supported_commands(void *ptr)
 
   tt_int_op(0,OP_EQ, buf_datalen(buf));
 
   socks_request_clear(socks);
 
 
-  /* SOCKS 5 Should reject RESOLVE [F0] request for IPv4 address
 
+  /* SOCKS 5 Should NOT reject RESOLVE [F0] request for IPv4 address
 
    * string if SafeSocks is enabled. */
 
 
   ADD_DATA(buf, "\x05\x01\x00");
 
   ADD_DATA(buf, "\x05\xF0\x00\x03\x07");
 
   ADD_DATA(buf, "8.8.8.8");
 
-  ADD_DATA(buf, "\x01\x02");
 
+  ADD_DATA(buf, "\x11\x11");
 
   tt_assert(fetch_from_buf_socks(buf,socks,get_options()->TestSocks,1)
 
-            == -1);
 
+            == 1);
 
 
-  tt_int_op(5,OP_EQ,socks->socks_version);
 
-  tt_int_op(10,OP_EQ,socks->replylen);
 
-  tt_int_op(5,OP_EQ,socks->reply[0]);
 
-  tt_int_op(SOCKS5_NOT_ALLOWED,OP_EQ,socks->reply[1]);
 
-  tt_int_op(1,OP_EQ,socks->reply[3]);
 
+  tt_str_op("8.8.8.8", OP_EQ, socks->address);
 
+  tt_int_op(4369, OP_EQ, socks->port);
 
+  
+  tt_int_op(0, OP_EQ, buf_datalen(buf));
 
 
   socks_request_clear(socks);
 
 
-  /* SOCKS 5 should reject RESOLVE [F0] reject for IPv6 address
 
+  /* SOCKS 5 should NOT reject RESOLVE [F0] reject for IPv6 address
 
    * string if SafeSocks is enabled. */
 
 
   ADD_DATA(buf, "\x05\x01\x00");
 
@@ -257,11 +256,10 @@ test_socks_5_supported_commands(void *ptr)
 
   tt_assert(fetch_from_buf_socks(buf,socks,get_options()->TestSocks,1)
 
             == -1);
 
 
-  tt_int_op(5,OP_EQ,socks->socks_version);
 
-  tt_int_op(10,OP_EQ,socks->replylen);
 
-  tt_int_op(5,OP_EQ,socks->reply[0]);
 
-  tt_int_op(SOCKS5_NOT_ALLOWED,OP_EQ,socks->reply[1]);
 
-  tt_int_op(1,OP_EQ,socks->reply[3]);
 
+  tt_str_op("2001:0db8:85a3:0000:0000:8a2e:0370:7334", OP_EQ, socks->address);
 
+  tt_int_op(258, OP_EQ, socks->port);
 
+
 
+  tt_int_op(0, OP_EQ, buf_datalen(buf));
 
 
   socks_request_clear(socks);