summaryrefslogtreecommitdiff
path: root/src/or/connection_edge.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-10-31 11:26:00 -0400
committerNick Mathewson <nickm@torproject.org>2012-11-14 23:16:23 -0500
commit93dc7dcf418f37023b5a1e3f4e8485d8286996b4 (patch)
treec8f5d8e60689eea434b3dfa18b2a7bb9eea1be68 /src/or/connection_edge.c
parent111321ed16d59588d04e2c99ed949538e154f0e0 (diff)
downloadtor-93dc7dcf418f37023b5a1e3f4e8485d8286996b4.tar.gz
tor-93dc7dcf418f37023b5a1e3f4e8485d8286996b4.zip
Reject IPv4 or IPv6 addresses from the user depending on SOCKS settings
Diffstat (limited to 'src/or/connection_edge.c')
-rw-r--r--src/or/connection_edge.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 373edf71ab..dc7d863f49 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1148,6 +1148,30 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
}
}
+ {
+ tor_addr_t addr;
+ /* XXX Duplicate call to tor_addr_parse. */
+ if (tor_addr_parse(&addr, socks->address) >= 0) {
+ sa_family_t family = tor_addr_family(&addr);
+ if ((family == AF_INET && ! conn->ipv4_traffic_ok) ||
+ (family == AF_INET6 && ! conn->ipv4_traffic_ok)) {
+ log_warn(LD_NET, "Rejecting SOCKS request for an IP address "
+ "family that this listener does not support.");
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
+ return -1;
+ } else if (family == AF_INET6 && socks->socks_version == 4) {
+ log_warn(LD_NET, "Rejecting SOCKS4 request for an IPv6 address.");
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
+ return -1;
+ } else if (socks->socks_version == 4 && !conn->ipv4_traffic_ok) {
+ log_warn(LD_NET, "Rejecting SOCKS4 request on a listener with "
+ "no IPv4 traffic supported.");
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
+ return -1;
+ }
+ }
+ }
+
if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
/* see if we can find a suitable enclave exit */
const node_t *r =