diff options
author | Nick Mathewson <nickm@torproject.org> | 2012-10-31 11:26:00 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-11-14 23:16:23 -0500 |
commit | 93dc7dcf418f37023b5a1e3f4e8485d8286996b4 (patch) | |
tree | c8f5d8e60689eea434b3dfa18b2a7bb9eea1be68 | |
parent | 111321ed16d59588d04e2c99ed949538e154f0e0 (diff) | |
download | tor-93dc7dcf418f37023b5a1e3f4e8485d8286996b4.tar.gz tor-93dc7dcf418f37023b5a1e3f4e8485d8286996b4.zip |
Reject IPv4 or IPv6 addresses from the user depending on SOCKS settings
-rw-r--r-- | src/or/connection_edge.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 373edf71ab..dc7d863f49 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1148,6 +1148,30 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, } } + { + tor_addr_t addr; + /* XXX Duplicate call to tor_addr_parse. */ + if (tor_addr_parse(&addr, socks->address) >= 0) { + sa_family_t family = tor_addr_family(&addr); + if ((family == AF_INET && ! conn->ipv4_traffic_ok) || + (family == AF_INET6 && ! conn->ipv4_traffic_ok)) { + log_warn(LD_NET, "Rejecting SOCKS request for an IP address " + "family that this listener does not support."); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } else if (family == AF_INET6 && socks->socks_version == 4) { + log_warn(LD_NET, "Rejecting SOCKS4 request for an IPv6 address."); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } else if (socks->socks_version == 4 && !conn->ipv4_traffic_ok) { + log_warn(LD_NET, "Rejecting SOCKS4 request on a listener with " + "no IPv4 traffic supported."); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } + } + } + if (!conn->use_begindir && !conn->chosen_exit_name && !circ) { /* see if we can find a suitable enclave exit */ const node_t *r = |