diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-07-27 09:15:52 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-07-27 09:15:52 -0400 |
| commit | 58758e713f69a6ce2c66367d8524df578520a036 (patch) | |
| tree | 8a86948b136e628676b6c59a4fcb9f3b7c2f349b | |
| parent | c0106118fadb35e22fdbb038c3dfac2a89f816de (diff) | |
| parent | da6aa7bfa5014b980a93b38024d16b32720dc67a (diff) | |
| download | tor-58758e713f69a6ce2c66367d8524df578520a036.tar.gz tor-58758e713f69a6ce2c66367d8524df578520a036.zip | |
Merge remote-tracking branch 'yawning/bug16674'
| -rw-r--r-- | changes/bug16674 | 5 | ||||
| -rw-r--r-- | src/common/util.c | 6 | ||||
| -rw-r--r-- | src/test/test_util.c | 12 |
3 files changed, 23 insertions, 0 deletions
diff --git a/changes/bug16674 b/changes/bug16674 new file mode 100644 index 0000000000..de55523fc8 --- /dev/null +++ b/changes/bug16674 @@ -0,0 +1,5 @@ + o Minor features (client): + - Relax the validation done to hostnames in SOCKS5 requests, and allow + a single trailing '.' to cope with clients that pass FQDNs using that + syntax to explicitly indicate that the domain name is + fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha. diff --git a/src/common/util.c b/src/common/util.c index 618e6a1b6a..1aac4fc3d1 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1056,6 +1056,12 @@ string_is_valid_hostname(const char *string) break; } + /* Allow a single terminating '.' used rarely to indicate domains + * are FQDNs rather than relative. */ + if ((c_sl_idx > 0) && (c_sl_idx + 1 == c_sl_len) && !*c) { + continue; + } + do { if ((*c >= 'a' && *c <= 'z') || (*c >= 'A' && *c <= 'Z') || diff --git a/src/test/test_util.c b/src/test/test_util.c index 0f64c26e01..2bffb17bfd 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -4285,7 +4285,19 @@ test_util_hostname_validation(void *arg) // comply with a ~30 year old standard. tt_assert(string_is_valid_hostname("core3_euw1.fabrik.nytimes.com")); + // Firefox passes FQDNs with trailing '.'s directly to the SOCKS proxy, + // which is redundant since the spec states DOMAINNAME addresses are fully + // qualified. While unusual, this should be tollerated. + tt_assert(string_is_valid_hostname("core9_euw1.fabrik.nytimes.com.")); + tt_assert(!string_is_valid_hostname("..washingtonpost.is.better.com")); + tt_assert(!string_is_valid_hostname("so.is..ft.com")); + tt_assert(!string_is_valid_hostname("...")); + // XXX: do we allow single-label DNS names? + // We shouldn't for SOCKS (spec says "contains a fully-qualified domain name" + // but only test pathologically malformed traling '.' cases for now. + tt_assert(!string_is_valid_hostname(".")); + tt_assert(!string_is_valid_hostname("..")); done: return; |