diff options
Diffstat (limited to 'src/core/proto/proto_socks.c')
| -rw-r--r-- | src/core/proto/proto_socks.c | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 5a7d7ac9be..a7ee190b3f 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -1,14 +1,19 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2020, The Tor Project, Inc. */ /* See LICENSE for licensing information */ +/** + * @file proto_socks.c + * @brief Implementations for SOCKS4 and SOCKS5 protocols. + **/ + #include "core/or/or.h" #include "feature/client/addressmap.h" -#include "lib/container/buffers.h" +#include "lib/buf/buffers.h" #include "core/mainloop/connection.h" -#include "feature/control/control.h" +#include "feature/control/control_events.h" #include "app/config/config.h" #include "lib/crypt_ops/crypto_util.h" #include "feature/relay/ext_orport.h" @@ -62,8 +67,8 @@ log_unsafe_socks_warning(int socks_protocol, const char *address, "Tor only an IP address. Applications that do DNS resolves " "themselves may leak information. Consider using Socks4A " "(e.g. via privoxy or socat) instead. For more information, " - "please see https://wiki.torproject.org/TheOnionRouter/" - "TorFAQ#SOCKSAndDNS.%s", + "please see https://2019.www.torproject.org/docs/faq.html.en" + "#WarningsAboutSOCKSandDNSInformationLeaks.%s", socks_protocol, (int)port, safe_socks ? " Rejecting." : ""); @@ -105,7 +110,7 @@ socks_request_free_(socks_request_t *req) /** * Parse a single SOCKS4 request from buffer <b>raw_data</b> of length * <b>datalen</b> and update relevant fields of <b>req</b>. If SOCKS4a - * request is detected, set <b>*is_socks4a<b> to true. Set <b>*drain_out</b> + * request is detected, set <b>*is_socks4a</b> to true. Set <b>*drain_out</b> * to number of bytes we parsed so far. * * Return SOCKS_RESULT_DONE if parsing succeeded, SOCKS_RESULT_INVALID if @@ -474,7 +479,7 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req, /** * Validate and respond to SOCKS5 username/password request we * parsed in parse_socks5_userpass_auth (corresponding to <b>req</b>. - * Set <b>req->reply</b> to appropriate responsed. Return + * Set <b>req->reply</b> to appropriate response. Return * SOCKS_RESULT_DONE on success or SOCKS_RESULT_INVALID on failure. */ static socks_result_t @@ -584,9 +589,8 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, strlcpy(req->address, hostname, sizeof(req->address)); } break; case 4: { - const char *ipv6 = - (const char *)socks5_client_request_getarray_dest_addr_ipv6( - trunnel_req); + const uint8_t *ipv6 = + socks5_client_request_getarray_dest_addr_ipv6(trunnel_req); tor_addr_from_ipv6_bytes(&destaddr, ipv6); tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); @@ -618,6 +622,7 @@ process_socks5_client_request(socks_request_t *req, int safe_socks) { socks_result_t res = SOCKS_RESULT_DONE; + tor_addr_t tmpaddr; if (req->command != SOCKS_COMMAND_CONNECT && req->command != SOCKS_COMMAND_RESOLVE && @@ -628,11 +633,10 @@ process_socks5_client_request(socks_request_t *req, } if (req->command == SOCKS_COMMAND_RESOLVE_PTR && - !string_is_valid_ipv4_address(req->address) && - !string_is_valid_ipv6_address(req->address)) { + tor_addr_parse(&tmpaddr, req->address) < 0) { socks_request_set_socks5_error(req, SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); log_warn(LD_APP, "socks5 received RESOLVE_PTR command with " - "hostname type. Rejecting."); + "a malformed address. Rejecting."); res = SOCKS_RESULT_INVALID; goto end; |