author | rl1987 <rl1987@sdf.lonestar.org> | 2014-10-12 21:04:15 +0300 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-11-04 00:36:42 -0500 |
commit | 2862b769deaaaa40347ffe808349c4e139e7eb45 (patch) | |
tree | 6ba337a532f9e8df33a43f6d06870087004f15b8 /src | |
parent | e8e45ff13ed86d8851bab77d65d899d0ca6e3b89 (diff) | |
Validating SOCKS5 hostname more correctly.
Diffstat (limited to 'src')
-rw-r--r-- | src/or/buffers.c | 10 | ||||
-rw-r--r-- | src/test/test_socks.c | 11 |
2 files changed, 20 insertions, 1 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c
index d174f8147a..e98f56932d 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -2048,7 +2048,15 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
 req->address[len] = 0;
 req->port = ntohs(get_uint16(data+5+len));
 *drain_out = 5+len+2;
- if (!tor_strisprint(req->address) || strchr(req->address,'\"')) {
+
+ if (string_is_valid_ipv4_address(req->address)) {
+ log_unsafe_socks_warning(5,req->address,req->port,safe_socks);
+
+ if (safe_socks)
+ return -1;
+ }
+
+ if (!string_is_valid_hostname(req->address)) {
 log_warn(LD_PROTOCOL,
 "Your application (using socks5 to port %d) gave Tor "
 "a malformed hostname: %s. Rejecting the connection.",
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index 2b8f824b50..b9520b5c5c 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -229,6 +229,17 @@ test_socks_5_supported_commands(void *ptr)
 tt_int_op(0,==, buf_datalen(buf));
 socks_request_clear(socks);
+ /* SOCKS 5 Should reject RESOLVE [F0] request for IPv4 address
+ * string if SafeSocks is enabled. */
+
+ ADD_DATA(buf, "\x05\x01\x00");
+ ADD_DATA(buf, "\x05\xF0\x00\x03\x07");
+ ADD_DATA(buf, "8.8.8.8");
+ ADD_DATA(buf, "\x01\x02");
+ tt_assert(fetch_from_buf_socks(buf,socks,get_options()->TestSocks,1)
+ == -1);
+ socks_request_clear(socks);
+
 /* SOCKS 5 Send RESOLVE_PTR [F1] for IP address 2.2.2.5 */
 ADD_DATA(buf, "\x05\x01\x00");
 ADD_DATA(buf, "\x05\xF1\x00\x01\x02\x02\x02\x05\x01\x03"); |
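Review bot: In the new block of parse_socks, an IPv4 literal is the only address form singled out before `string_is_valid_hostname(req->address)`, so with `safe_socks` off it falls through to the hostname check, and an IPv6 literal in the domain-name field is never considered at all. Neither helper's body is on this page, so whether the hostname check accepts dotted quads, colons or a trailing dot cannot be confirmed here; if it does not, requests that the old printable-and-no-quote test allowed will now be refused with the "malformed hostname" warning. I would state the intent above the block with a comment such as `/* An IP literal in the SOCKS5 domain-name field suggests the application resolved the name itself: warn, and refuse when SafeSocks is set. */`, and either handle the IPv6-literal case the same way or document why it is left to the hostname check. parse_socks starts and ends outside the hunk, including the remaining log_warn arguments.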
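Review bot: The added case in test_socks_5_supported_commands exercises only the SafeSocks-on rejection of an IPv4 string. Two parts of the parse_socks change are left unpinned: a name that fails `string_is_valid_hostname` being refused, and the same `8.8.8.8` request with the last argument set to 0, which should presumably still get past the IPv4 check. Adding those two cases next to this one would fix the validator's accept/reject boundary in the test suite. After the rejected request I would also add `tt_int_op(0,==, buf_datalen(buf));`, as the preceding case does, so leftover bytes cannot bleed into the RESOLVE_PTR case that follows; whether the buffer is drained on a -1 return is not visible on this page. The function begins and ends outside the hunk.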