diff options
| author | Yawning Angel <yawning@schwanenlied.me> | 2016-09-30 18:43:31 +0000 |
|---|---|---|
| committer | Yawning Angel <yawning@schwanenlied.me> | 2016-09-30 18:43:31 +0000 |
| commit | 847e001d288b7d02d589d8df699e84d4d6d363b6 (patch) | |
| tree | 080ce98406d5569ae1aa68ccedcbec97fb4f1bdd | |
| parent | 53255e925c474f9d5cb30c1de4da025e6d709e9a (diff) | |
| download | tor-847e001d288b7d02d589d8df699e84d4d6d363b6.tar.gz tor-847e001d288b7d02d589d8df699e84d4d6d363b6.zip | |
Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
| -rw-r--r-- | changes/bug20261 | 4 | ||||
| -rw-r--r-- | doc/tor.1.txt | 5 | ||||
| -rw-r--r-- | src/or/config.c | 7 |
3 files changed, 14 insertions, 2 deletions
diff --git a/changes/bug20261 b/changes/bug20261 new file mode 100644 index 0000000000..dfdd15924b --- /dev/null +++ b/changes/bug20261 @@ -0,0 +1,4 @@ + o Minor bugfixes (client, unix domain sockets): + - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts + as the client address is meaningless. Fixes bug 20261; bugfix on + 0.2.6.3-alpha. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 2e73b2784c..330f0c1e32 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1046,8 +1046,9 @@ The following options are useful only for clients (that is, if another. Recognized isolation flags are: **IsolateClientAddr**;; Don't share circuits with streams from a different - client address. (On by default and strongly recommended; - you can disable it with **NoIsolateClientAddr**.) + client address. (On by default and strongly recommended when + supported; you can disable it with **NoIsolateClientAddr**. + Unsupported and force-disabled when using Unix domain sockets.) **IsolateSOCKSAuth**;; Don't share circuits with streams for which different SOCKS authentication was provided. (On by default; diff --git a/src/or/config.c b/src/or/config.c index 18cbe34be3..93e753bb49 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -6838,6 +6838,13 @@ parse_port_config(smartlist_t *out, goto err; } + if (unix_socket_path && (isolation & ISO_CLIENTADDR)) { + /* `IsolateClientAddr` is nonsensical in the context of AF_LOCAL. + * just silently remove the isolation flag. + */ + isolation &= ~ISO_CLIENTADDR; + } + if (out && port) { size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0; port_cfg_t *cfg = port_cfg_new(namelen); |