diff options
author | Nick Mathewson <nickm@torproject.org> | 2020-01-17 08:49:56 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2020-01-17 08:49:56 -0500 |
commit | 5086b16055777f11b3d196d637b91a134adf4baf (patch) | |
tree | c06df27eafd99aaf185e7bc8b0d61cb74a370013 | |
parent | 7f03ba06d8447025ef3e53906ebe9bcdd0d4d1b5 (diff) | |
parent | 4ae77e15d0ac8c6449d2a6588a7ebfab887954c1 (diff) | |
download | tor-5086b16055777f11b3d196d637b91a134adf4baf.tar.gz tor-5086b16055777f11b3d196d637b91a134adf4baf.zip |
Merge remote-tracking branch 'tor-github/pr/1529'
-rw-r--r-- | changes/bug32315 | 4 | ||||
-rw-r--r-- | src/core/proto/proto_socks.c | 6 | ||||
-rw-r--r-- | src/test/test_socks.c | 37 |
3 files changed, 44 insertions, 3 deletions
diff --git a/changes/bug32315 b/changes/bug32315 new file mode 100644 index 0000000000..9b48d8259a --- /dev/null +++ b/changes/bug32315 @@ -0,0 +1,4 @@ + o Major bugfixes (networking): + - Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests, + and accept strings as well as binary addresses. Fixes bug 32315; + bugfix on Tor 0.3.5.1-alpha. diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 87074ff237..6fd08b2273 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -620,6 +620,7 @@ process_socks5_client_request(socks_request_t *req, int safe_socks) { socks_result_t res = SOCKS_RESULT_DONE; + tor_addr_t tmpaddr; if (req->command != SOCKS_COMMAND_CONNECT && req->command != SOCKS_COMMAND_RESOLVE && @@ -630,11 +631,10 @@ process_socks5_client_request(socks_request_t *req, } if (req->command == SOCKS_COMMAND_RESOLVE_PTR && - !string_is_valid_ipv4_address(req->address) && - !string_is_valid_ipv6_address(req->address)) { + tor_addr_parse(&tmpaddr, req->address) < 0) { socks_request_set_socks5_error(req, SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " - "hostname type. Rejecting."); + "a malformed address. Rejecting."); res = SOCKS_RESULT_INVALID; goto end; diff --git a/src/test/test_socks.c b/src/test/test_socks.c index e002529594..40fb0481c6 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -399,6 +399,43 @@ test_socks_5_supported_commands(void *ptr) tt_int_op(0,OP_EQ, buf_datalen(buf)); + socks_request_clear(socks); + + /* SOCKS 5 Send RESOLVE_PTR [F1] for an IPv6 address */ + ADD_DATA(buf, "\x05\x01\x00"); + ADD_DATA(buf, "\x05\xF1\x00\x04" + "\x20\x01\x0d\xb8\x85\xa3\x00\x00\x00\x00\x8a\x2e\x03\x70\x73\x34" + "\x12\x34"); + tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + get_options()->SafeSocks), + OP_EQ, 1); + tt_int_op(5,OP_EQ, socks->socks_version); + tt_int_op(2,OP_EQ, socks->replylen); + tt_int_op(5,OP_EQ, socks->reply[0]); + tt_int_op(0,OP_EQ, socks->reply[1]); + tt_str_op("[2001:db8:85a3::8a2e:370:7334]",OP_EQ, socks->address); + + tt_int_op(0,OP_EQ, buf_datalen(buf)); + + socks_request_clear(socks); + + /* SOCKS 5 Send RESOLVE_PTR [F1] for a an IPv6 address written as a + * string with brackets */ + ADD_DATA(buf, "\x05\x01\x00"); + ADD_DATA(buf, "\x05\xF1\x00\x03\x1e"); + ADD_DATA(buf, "[2001:db8:85a3::8a2e:370:7334]"); + ADD_DATA(buf, "\x12\x34"); + tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + get_options()->SafeSocks), + OP_EQ, 1); + tt_int_op(5,OP_EQ, socks->socks_version); + tt_int_op(2,OP_EQ, socks->replylen); + tt_int_op(5,OP_EQ, socks->reply[0]); + tt_int_op(0,OP_EQ, socks->reply[1]); + tt_str_op("[2001:db8:85a3::8a2e:370:7334]",OP_EQ, socks->address); + + tt_int_op(0,OP_EQ, buf_datalen(buf)); + done: ; } |