r8822@totoro: nickm | 2006-10-01 16:24:22 -0400

Fix bug 303: reject attempts to use Tor as a one-hop proxy. svn:r8566
author: Nick Mathewson <nickm@torproject.org> 2006-10-01 20:50:11 +0000
committer: Nick Mathewson <nickm@torproject.org> 2006-10-01 20:50:11 +0000
commit: ce72a9914e5e996f3c47cc9ec368309e0f1c861e (patch)
tree: 785572be5289ef84e5f846007a62713494d4ea68 /src/or/connection_edge.c
parent: 7ed921708f94b23653a65173a5b61ddeff6e9125 (diff)
download: tor-ce72a9914e5e996f3c47cc9ec368309e0f1c861e.tar.gz
tor-ce72a9914e5e996f3c47cc9ec368309e0f1c861e.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index c02999affb..9692edaadc 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1877,6 +1877,15 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
       return 0;
     }
 #endif
+    if (!CIRCUIT_IS_ORIGIN(circ) && TO_OR_CIRCUIT(circ)->is_first_hop) {
+      /* Don't let clients use us as a single-hop proxy; it attracts attackers
+       * and users who'd be better off with, well, single-hop proxies.
+       */
+      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+             "Attempt to open a stream on first hop of circuit. Rejecting.");
+      tor_free(address);
+      return 0;
+    }
   } else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
     or_options_t *options = get_options();
     address = tor_strdup("127.0.0.1");
author	Nick Mathewson <nickm@torproject.org>	2006-10-01 20:50:11 +0000
committer	Nick Mathewson <nickm@torproject.org>	2006-10-01 20:50:11 +0000
commit	ce72a9914e5e996f3c47cc9ec368309e0f1c861e (patch)
tree	785572be5289ef84e5f846007a62713494d4ea68 /src/or/connection_edge.c
parent	7ed921708f94b23653a65173a5b61ddeff6e9125 (diff)
download	tor-ce72a9914e5e996f3c47cc9ec368309e0f1c861e.tar.gz tor-ce72a9914e5e996f3c47cc9ec368309e0f1c861e.zip