diff options
| author | David Goulet <dgoulet@torproject.org> | 2023-01-12 10:52:35 -0500 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2023-01-12 10:52:35 -0500 |
| commit | 3b149097855a49d2ffae40a85d2b570c3095eb80 (patch) | |
| tree | 8fc701458941e61d0a0b7f80d968209309c41c1e | |
| parent | 1ee37f32f3f9b22b8a9404809c30452d80bd7021 (diff) | |
| parent | 0df4083299970674b4f399d3d85c6eab22cb8c7d (diff) | |
| download | tor-3b149097855a49d2ffae40a85d2b570c3095eb80.tar.gz tor-3b149097855a49d2ffae40a85d2b570c3095eb80.zip | |
Merge branch 'maint-0.4.7' into release-0.4.7
| -rw-r--r-- | changes/ticket40730 | 5 | ||||
| -rw-r--r-- | src/core/proto/proto_socks.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/changes/ticket40730 b/changes/ticket40730 new file mode 100644 index 0000000000..f6d4c9de3b --- /dev/null +++ b/changes/ticket40730 @@ -0,0 +1,5 @@ + o Major bugfixes (TROVE-2022-002, client): + - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It + would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is + TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug + 40730; bugfix on 0.3.5.1-alpha. diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 89745bd82c..07177c418a 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -233,7 +233,7 @@ static socks_result_t process_socks4_request(const socks_request_t *req, int is_socks4a, int log_sockstype, int safe_socks) { - if (is_socks4a && !addressmap_have_mapping(req->address, 0)) { + if (!is_socks4a && !addressmap_have_mapping(req->address, 0)) { log_unsafe_socks_warning(4, req->address, req->port, safe_socks); if (safe_socks) |