summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2022-12-12 10:02:07 -0500
committerDavid Goulet <dgoulet@torproject.org>2022-12-12 10:02:07 -0500
commita282145b3634547ab84ccd959d0537c021ff7ffc (patch)
treec506cf36a81303d725a1ff3737aff00f830d1085 /src
parentb117ce48dbde5d285a9cbe8ef9c2b7607245c0dc (diff)
downloadtor-a282145b3634547ab84ccd959d0537c021ff7ffc.tar.gz
tor-a282145b3634547ab84ccd959d0537c021ff7ffc.zip
socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4a
The logic was inverted. Introduced in commit 9155e08450fe7a609f8223202e8aa7dfbca20a6d. This was reported through our bug bounty program on H1. It fixes the TROVE-2022-002. Fixes #40730 Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src')
-rw-r--r--src/core/proto/proto_socks.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
index a7ee190b3f..97863d389e 100644
--- a/src/core/proto/proto_socks.c
+++ b/src/core/proto/proto_socks.c
@@ -233,7 +233,7 @@ static socks_result_t
process_socks4_request(const socks_request_t *req, int is_socks4a,
int log_sockstype, int safe_socks)
{
- if (is_socks4a && !addressmap_have_mapping(req->address, 0)) {
+ if (!is_socks4a && !addressmap_have_mapping(req->address, 0)) {
log_unsafe_socks_warning(4, req->address, req->port, safe_socks);
if (safe_socks)