authorDavid Goulet <dgoulet@torproject.org>2021-09-30 10:26:37 -0400
committerDavid Goulet <dgoulet@torproject.org>2021-10-19 09:08:05 -0400
commited4d6a00300dec1dcac7cf294bebfe736e1d97a4 (patch)
tree415fd56ed36fd454b61ce02658dfc1d6126a9475
parentadcb094cb639ab8a3a36f3dc0bf1bb4e7fcdbd2b (diff)
downloadtor-ed4d6a00300dec1dcac7cf294bebfe736e1d97a4.tar.gz
tor-ed4d6a00300dec1dcac7cf294bebfe736e1d97a4.zip
hs-v2: Disable SOCKS connection for v2 addresses
This effectively turns off the ability of tor to use HSv2 as a client by invalidating the v2 onion hostname passed through a SOCKS request. Part of #40476 Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r--src/core/or/connection_edge.c17
1 files changed, 4 insertions, 13 deletions
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 82e8ead5e0..d9067d5c29 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1636,12 +1636,12 @@ consider_plaintext_ports(entry_connection_t *conn, uint16_t port)
* The possible recognized forms are (where true is returned):
*
* If address is of the form "y.onion" with a well-formed handle y:
- * Put a NUL after y, lower-case it, and return ONION_V2_HOSTNAME or
- * ONION_V3_HOSTNAME depending on the HS version.
+ * Put a NUL after y, lower-case it, and return ONION_V3_HOSTNAME
+ * depending on the HS version.
*
* If address is of the form "x.y.onion" with a well-formed handle x:
* Drop "x.", put a NUL after y, lower-case it, and return
- * ONION_V2_HOSTNAME or ONION_V3_HOSTNAME depending on the HS version.
+ * ONION_V3_HOSTNAME depending on the HS version.
*
* If address is of the form "y.onion" with a badly-formed handle y:
* Return BAD_HOSTNAME and log a message.
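Review bot: The trailing "depending on the HS version" in both rewritten paragraphs is now stale, since only one type can be returned, and it leaves a reader wondering which other version is still accepted. I would shorten each to `Put a NUL after y, lower-case it, and return ONION_V3_HOSTNAME.` and the x.y.onion paragraph likewise. The comment should also state the new contract for a v2-length handle: it is presumably now treated as badly formed and yields BAD_HOSTNAME, but that fall-through is outside this hunk and should be confirmed. The doc comment itself starts and ends outside the hunk.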
@@ -1691,14 +1691,6 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
if (q != address) {
memmove(address, q, strlen(q) + 1 /* also get \0 */);
}
- /* v2 onion address check. */
- if (strlen(query) == REND_SERVICE_ID_LEN_BASE32) {
- *type_out = ONION_V2_HOSTNAME;
- if (rend_valid_v2_service_id(query)) {
- goto success;
- }
- goto failed;
- }
/* v3 onion address check. */
if (strlen(query) == HS_SERVICE_ADDR_LEN_BASE32) {
@@ -1718,8 +1710,7 @@ parse_extended_hostname(char *address, hostname_type_t *type_out)
failed:
/* otherwise, return to previous state and return 0 */
*s = '.';
- const bool is_onion = (*type_out == ONION_V2_HOSTNAME) ||
- (*type_out == ONION_V3_HOSTNAME);
+ const bool is_onion = (*type_out == ONION_V3_HOSTNAME);
log_warn(LD_APP, "Invalid %shostname %s; rejecting",
is_onion ? "onion " : "",
safe_str_client(address));
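Review bot: With the v2 branch removed, a v2-length .onion name appears to reach `failed:` with `*type_out` not equal to ONION_V3_HOSTNAME, so `is_onion` is false and the warning reads "Invalid hostname ...; rejecting" for something the user typed as an onion address. That hides the real reason, which is that v2 support is disabled, and operators triaging client logs cannot tell a deprecated address from a typo. Consider a separate, rate-limited warning for the v2-length case that says v2 onion addresses are no longer supported, still passing the address through `safe_str_client()`. At minimum, add a comment above `is_onion` such as `/* v2 addresses are rejected as a plain bad hostname, not as an onion one. */`. How `*type_out` is set on the fall-through path is outside this hunk, so this should be checked against the full function.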