diff options
| -rw-r--r-- | src/or/buffers.c | 15 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 7 |
2 files changed, 21 insertions, 1 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c index 4bba6423d4..f07dc7d233 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1003,7 +1003,13 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype) req->address[len] = 0; req->port = ntohs(get_uint16(buf->cur+5+len)); buf_remove_from_front(buf, 5+len+2); - + if (!tor_strisprint(req->address) || strchr(req->address,'\"')) { + log_warn(LD_PROTOCOL, + "Your application (using socks5 on port %d) gave Tor " + "a malformed hostname: %s. Rejecting the connection.", + req->port, escaped(req->address)); + return -1; + } if (log_sockstype) log_notice(LD_APP, "Your application (using socks5 on port %d) gave " @@ -1098,6 +1104,13 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, int log_sockstype) log_debug(LD_APP,"socks4: Everything is here. Success."); strlcpy(req->address, startaddr ? startaddr : tmpbuf, sizeof(req->address)); + if (!tor_strisprint(req->address) || strchr(req->address,'\"')) { + log_warn(LD_PROTOCOL, + "Your application (using socks4 on port %d) gave Tor " + "a malformed hostname: %s. Rejecting the connection.", + req->port, escaped(req->address)); + return -1; + } /* next points to the final \0 on inbuf */ buf_remove_from_front(buf, next-buf->cur+1); return 1; diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 1ad5ee4078..6b8b014b44 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1533,6 +1533,13 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) tor_free(address); return 0; } + if (!tor_strisprint(address)) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Non-printing characters in address %s in relay " + "begin cell. Dropping.", escaped(address)); + tor_free(address); + return 0; + } log_debug(LD_EXIT,"Creating new exit connection."); n_stream = connection_new(CONN_TYPE_EXIT); |