author | Robert Ransom <rransom.8774@gmail.com> | 2011-05-31 07:05:40 -0700 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-11-30 14:54:15 -0500 |
commit | ebf524b48b0340ed3b2bfc1d652e3d65b3aee11c (patch) | |
tree | fe25dead4b9b185c9ab5d4013f72db0bca911449 /src/or/connection_edge.c | |
parent | 5f3e6eb0b9b450c81bd54d5dd87ff786a6d1ffea (diff) | |
Don't allow tor2web-mode Tors to connect to non-HS addresses
The client's anonymity when accessing a non-HS address in tor2web-mode
would be easily nuked by inserting an inline image with a .onion URL, so
don't even pretend to access non-HS addresses through Tor.
Diffstat (limited to 'src/or/connection_edge.c')
-rw-r--r-- | src/or/connection_edge.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index efaad79b6a..bba666d3b9 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1892,6 +1892,14 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, return -1; } + if (options->Tor2webMode) { + log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname %s " + "because tor2web mode is enabled.", + safe_str_client(socks->address)); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } + if (socks->command == SOCKS_COMMAND_RESOLVE) { uint32_t answer; struct in_addr in; |
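Review bot: The new `if (options->Tor2webMode)` block is placed ahead of the `socks->command == SOCKS_COMMAND_RESOLVE` branch, so in tor2web mode a resolve request is also rejected, yet the warning says "Refusing to connect to non-hidden-service hostname". Either word the message so it covers both commands or include the command in it, so an operator reading the log can tell a refused lookup from a refused stream. The block also carries no comment: the reasoning in the commit message (a non-HS page can embed a .onion URL and deanonymize the client) should sit above the check, together with a note that this point is reached only for non-hidden-service addresses, since the check itself tests nothing but the option. Finally, `log_warn` fires once per refused request at warn severity; if clients can trigger it repeatedly, consider rate-limiting it or lowering the severity after the first occurrence.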