diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | doc/TODO | 6 | ||||
| -rw-r--r-- | src/or/config.c | 3 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 16 | ||||
| -rw-r--r-- | src/or/or.h | 2 |
5 files changed, 25 insertions, 6 deletions
@@ -25,6 +25,10 @@ Changes in version 0.1.2.5-xxxx - 200?-??-?? NNTP by default, so this seems like a sensible addition. - Authorities do not recommend exits as guards if this would shift excess load to the exit nodes. + - Avoid some inadvertent info leaks by making clients reject hostnames + with invalid characters. Add an option to disable this behavior, + in case somebody is running a private network with hosts called @, !, + and #. o Security bugfixes: - Stop sending the HttpProxyAuthenticator string to directory @@ -96,12 +96,12 @@ d - Cache answers client-side o Add to Tor-resolve.py - Add to tor-resolve d - Be a DNS proxy. - - Check for invalid characters in hostnames before trying to resolve + o Check for invalid characters in hostnames before trying to resolve them. (This will help catch attempts do to mean things to our DNS server, and bad software that tries to do DNS lookups on whole URLs.) - - address_is_invalid_destination() is the right thing to call here + o address_is_invalid_destination() is the right thing to call here (and feel free to make that function smarter) - - add a config option to turn it off. + o add a config option to turn it off. - Bug 364: notice when all the DNS requests we get back (including a few well-known sites) are all going to the same place. - Bug 363: Warn and die if we can't find a nameserver and we're running a diff --git a/src/or/config.c b/src/or/config.c index 6ac612035a..7931a9790d 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -127,6 +127,7 @@ static config_var_t _option_vars[] = { VAR("__AllDirActionsPrivate",BOOL, AllDirActionsPrivate, "0"), VAR("AllowInvalidNodes", CSV, AllowInvalidNodes, "middle,rendezvous"), + VAR("AllowNonRFC953Hostnames", BOOL, AllowNonRFC953Hostnames, "0"), VAR("AssumeReachable", BOOL, AssumeReachable, "0"), VAR("AuthDirBadExit", LINELIST, AuthDirBadExit, NULL), VAR("AuthDirInvalid", LINELIST, AuthDirInvalid, NULL), @@ -354,6 +355,8 @@ static config_var_description_t options_description[] = { /* ==== client options */ { "AllowInvalidNodes", "Where on our circuits should Tor allow servers " "that the directory authorities haven't called \"valid\"?" }, + { "AllowNonRFC953Hostnames", "If set to 1, we don't automatically reject " + "hostnames for having invalid characters." }, /* CircuitBuildTimeout, CircuitIdleTimeout */ { "ClientOnly", "If set to 1, Tor will under no circumstances run as a " "server, even if ORPort is as configued." }, diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index be0c9a4820..ab83584140 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1030,9 +1030,19 @@ addressmap_register_virtual_address(int type, char *new_address) static int address_is_invalid_destination(const char *address) { - /* FFFF should flesh this out */ - if (strchr(address,':')) - return 1; + if (get_options()->AllowNonRFC953Hostnames) + return 0; + + while (*address) { + if (TOR_ISALNUM(*address) || + *address == '-' || + *address == '.' || + *address == '_') /* Underscore is not allowed, but Windows does it + * sometimes, just to thumb its nose at the IETF. */ + ++address; + else + return 1; + } return 0; } diff --git a/src/or/or.h b/src/or/or.h index 035787a1a5..845b92818b 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1656,6 +1656,8 @@ typedef struct { * same network zone in the same circuit. */ int TunnelDirConns; /**< If true, use BEGIN_DIR rather than BEGIN when * possible. */ + int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames + * with weird characters. */ } or_options_t; /** Persistent state for an onion router, as saved to disk. */ |