summaryrefslogtreecommitdiff
path: root/src/or/buffers.c
diff options
context:
space:
mode:
authorSebastian Hahn <sebastian@torproject.org>2010-10-04 13:31:58 +0200
committerNick Mathewson <nickm@torproject.org>2010-11-15 13:57:37 -0500
commitda3a6e724fc9b1aa780d1f0c13787f365d370bbe (patch)
tree5af6b662342bf4a2299963ce3a25d06ce3f1fcb7 /src/or/buffers.c
parentdbba84c917279c8c58b1bfdac37fbcdfd84b7bb7 (diff)
downloadtor-da3a6e724fc9b1aa780d1f0c13787f365d370bbe.tar.gz
tor-da3a6e724fc9b1aa780d1f0c13787f365d370bbe.zip
Rate-limit unsafe socks warning
Pick 5 seconds as the limit. 5 seconds is a compromise here between making sure the user notices that the bad behaviour is (still) happening and not spamming their log too much needlessly (the log message is pretty long). We also keep warning every time if safesocks is specified, because then the user presumably wants to hear about every blocked instance. (This is based on the original patch by Sebastian, then backported to 0.2.2 and with warnings split into their own function.)
Diffstat (limited to 'src/or/buffers.c')
-rw-r--r--src/or/buffers.c73
1 files changed, 38 insertions, 35 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c
index d25ff64333..3825dd6f47 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1299,6 +1299,39 @@ fetch_from_buf_http(buf_t *buf,
return 1;
}
+/**
+ * Wait this many seconds before warning the user about using SOCKS unsafely
+ * again (requires that WarnUnsafeSocks is turned on). */
+#define SOCKS_WARN_INTERVAL 5
+
+/** Warn that the user application has made an unsafe socks request using
+ * protocol <b>socks_protocol</b> on port <b>port</b>. Don't warn more than
+ * once per SOCKS_WARN_INTERVAL, unless <b>safe_socks</b> is set. */
+static void
+log_unsafe_socks_warning(int socks_protocol, uint16_t port, int safe_socks)
+{
+ static ratelim_t socks_ratelim = RATELIM_INIT(SOCKS_WARN_INTERVAL);
+
+ or_options_t *options = get_options();
+ char *m = NULL;
+ if (! options->WarnUnsafeSocks)
+ return;
+ if (safe_socks || (m = rate_limit_log(&socks_ratelim, approx_time()))) {
+ log_warn(LD_APP,
+ "Your application (using socks%d to port %d) is giving "
+ "Tor only an IP address. Applications that do DNS resolves "
+ "themselves may leak information. Consider using Socks4A "
+ "(e.g. via privoxy or socat) instead. For more information, "
+ "please see https://wiki.torproject.org/TheOnionRouter/"
+ "TorFAQ#SOCKSAndDNS.%s%s",
+ socks_protocol,
+ (int)port,
+ safe_socks ? " Rejecting." : "",
+ m ? m : "");
+ tor_free(m);
+ }
+}
+
/** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
* of the forms
* - socks4: "socksheader username\\0"
@@ -1337,10 +1370,6 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
char *next, *startaddr;
struct in_addr in;
- /* If the user connects with socks4 or the wrong variant of socks5,
- * then log a warning to let him know that it might be unwise. */
- static int have_warned_about_unsafe_socks = 0;
-
if (buf->datalen < 2) /* version and another byte */
return 0;
@@ -1420,23 +1449,11 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
req->port = ntohs(get_uint16(buf->head->data+4+addrlen));
buf_remove_from_front(buf, 6+addrlen);
if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
- !addressmap_have_mapping(req->address,0) &&
- !have_warned_about_unsafe_socks) {
- if (get_options()->WarnUnsafeSocks) {
- log_warn(LD_APP,
- "Your application (using socks5 to port %d) is giving "
- "Tor only an IP address. Applications that do DNS resolves "
- "themselves may leak information. Consider using Socks4A "
- "(e.g. via privoxy or socat) instead. For more information, "
- "please see https://wiki.torproject.org/TheOnionRouter/"
- "TorFAQ#SOCKSAndDNS.%s", req->port,
- safe_socks ? " Rejecting." : "");
- /*have_warned_about_unsafe_socks = 1;*/
- /*(for now, warn every time)*/
+ !addressmap_have_mapping(req->address,0)) {
+ log_unsafe_socks_warning(5, req->port, safe_socks);
control_event_client_status(LOG_WARN,
"DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d",
req->address, req->port);
- }
if (safe_socks)
return -1;
}
@@ -1536,23 +1553,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
startaddr = NULL;
if (socks4_prot != socks4a &&
- !addressmap_have_mapping(tmpbuf,0) &&
- !have_warned_about_unsafe_socks) {
- if (get_options()->WarnUnsafeSocks) {
- log_warn(LD_APP,
- "Your application (using socks4 to port %d) is giving Tor "
- "only an IP address. Applications that do DNS resolves "
- "themselves may leak information. Consider using Socks4A "
- "(e.g. via privoxy or socat) instead. For more information, "
- "please see https://wiki.torproject.org/TheOnionRouter/"
- "TorFAQ#SOCKSAndDNS.%s", req->port,
- safe_socks ? " Rejecting." : "");
- /*have_warned_about_unsafe_socks = 1;*/
- /*(for now, warn every time)*/
- control_event_client_status(LOG_WARN,
- "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d",
- tmpbuf, req->port);
- }
+ !addressmap_have_mapping(tmpbuf,0)) {
+ log_unsafe_socks_warning(4, req->port, safe_socks);
+
if (safe_socks)
return -1;
}