diff options
author | Nick Mathewson <nickm@torproject.org> | 2010-06-11 13:21:31 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2010-06-11 13:21:31 -0400 |
commit | 945633476ac203b5a0fc7901830df104524bfe56 (patch) | |
tree | 2414737ae1907168b5f094c6635a405050a29308 /src | |
parent | be1c4672c4ea0dc55cc062a72741c7498138d8af (diff) | |
parent | 10fdb9ee0a1605050f2a91f84f88397881cfd83a (diff) | |
download | tor-945633476ac203b5a0fc7901830df104524bfe56.tar.gz tor-945633476ac203b5a0fc7901830df104524bfe56.zip |
Merge commit 'sebastian/hostnamewarn'
Diffstat (limited to 'src')
-rw-r--r-- | src/or/buffers.c | 29 | ||||
-rw-r--r-- | src/or/config.c | 1 | ||||
-rw-r--r-- | src/or/or.h | 4 |
3 files changed, 22 insertions, 12 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c index 4dbd9a7a0b..970c1888c1 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1402,19 +1402,21 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, if (req->command != SOCKS_COMMAND_RESOLVE_PTR && !addressmap_have_mapping(req->address,0) && !have_warned_about_unsafe_socks) { - log_warn(LD_APP, - "Your application (using socks5 to port %d) is giving " - "Tor only an IP address. Applications that do DNS resolves " - "themselves may leak information. Consider using Socks4A " - "(e.g. via privoxy or socat) instead. For more information, " - "please see https://wiki.torproject.org/TheOnionRouter/" - "TorFAQ#SOCKSAndDNS.%s", req->port, - safe_socks ? " Rejecting." : ""); - /*have_warned_about_unsafe_socks = 1;*/ + if (get_options()->WarnUnsafeSocks) { + log_warn(LD_APP, + "Your application (using socks5 to port %d) is giving " + "Tor only an IP address. Applications that do DNS resolves " + "themselves may leak information. Consider using Socks4A " + "(e.g. via privoxy or socat) instead. For more information, " + "please see https://wiki.torproject.org/TheOnionRouter/" + "TorFAQ#SOCKSAndDNS.%s", req->port, + safe_socks ? " Rejecting." : ""); + /*have_warned_about_unsafe_socks = 1;*/ /*(for now, warn every time)*/ control_event_client_status(LOG_WARN, "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d", req->address, req->port); + } if (safe_socks) return -1; } @@ -1516,7 +1518,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, if (socks4_prot != socks4a && !addressmap_have_mapping(tmpbuf,0) && !have_warned_about_unsafe_socks) { - log_warn(LD_APP, + if (get_options()->WarnUnsafeSocks) { + log_warn(LD_APP, "Your application (using socks4 to port %d) is giving Tor " "only an IP address. Applications that do DNS resolves " "themselves may leak information. Consider using Socks4A " @@ -1524,10 +1527,12 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, "please see https://wiki.torproject.org/TheOnionRouter/" "TorFAQ#SOCKSAndDNS.%s", req->port, safe_socks ? " Rejecting." : ""); - /*have_warned_about_unsafe_socks = 1;*/ /*(for now, warn every time)*/ - control_event_client_status(LOG_WARN, + /*have_warned_about_unsafe_socks = 1;*/ + /*(for now, warn every time)*/ + control_event_client_status(LOG_WARN, "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d", tmpbuf, req->port); + } if (safe_socks) return -1; } diff --git a/src/or/config.c b/src/or/config.c index efd8a27b3f..954ada6379 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -280,6 +280,7 @@ static config_var_t _option_vars[] = { V(NatdListenAddress, LINELIST, NULL), V(NatdPort, UINT, "0"), V(Nickname, STRING, NULL), + V(WarnUnsafeSocks, BOOL, "1"), V(NoPublish, BOOL, "0"), VAR("NodeFamily", LINELIST, NodeFamilies, NULL), V(NumCpus, UINT, "1"), diff --git a/src/or/or.h b/src/or/or.h index 832bdd6961..f922de2d8a 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2701,6 +2701,10 @@ typedef struct { * selection. */ int AllowDotExit; + /** If true, we will warn if a user gives us only an IP address + * instead of a hostname. */ + int WarnUnsafeSocks; + /** If true, the user wants us to collect statistics on clients * requesting network statuses from us as directory. */ int DirReqStatistics; |