2 files changed, 17 insertions, 1 deletions

diff --git a/src/or/buffers.c b/src/or/buffers.c
index 354bec64bc..691845ec10 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -2053,8 +2053,10 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req,
               string_is_valid_ipv6_address(req->address)) {
             log_unsafe_socks_warning(5,req->address,req->port,safe_socks);
 
-            if (safe_socks)
+            if (safe_socks) {
+              socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED);
               return -1;
+            }
           }
 
           if (!string_is_valid_hostname(req->address)) {
diff --git a/src/test/test_socks.c b/src/test/test_socks.c
index ba6b9a9771..a3fe07fdc5 100644
--- a/src/test/test_socks.c
+++ b/src/test/test_socks.c
@@ -238,6 +238,13 @@ test_socks_5_supported_commands(void *ptr)
   ADD_DATA(buf, "\x01\x02");
   tt_assert(fetch_from_buf_socks(buf,socks,get_options()->TestSocks,1)
             == -1);
+
+  tt_int_op(5,==,socks->socks_version);
+  tt_int_op(10,==,socks->replylen);
+  tt_int_op(5,==,socks->reply[0]);
+  tt_int_op(SOCKS5_NOT_ALLOWED,==,socks->reply[1]);
+  tt_int_op(1,==,socks->reply[3]);
+
   socks_request_clear(socks);
 
   /* SOCKS 5 should reject RESOLVE [F0] reject for IPv6 address
@@ -249,6 +256,13 @@ test_socks_5_supported_commands(void *ptr)
   ADD_DATA(buf, "\x01\x02");
   tt_assert(fetch_from_buf_socks(buf,socks,get_options()->TestSocks,1)
             == -1);
+
+  tt_int_op(5,==,socks->socks_version);
+  tt_int_op(10,==,socks->replylen);
+  tt_int_op(5,==,socks->reply[0]);
+  tt_int_op(SOCKS5_NOT_ALLOWED,==,socks->reply[1]);
+  tt_int_op(1,==,socks->reply[3]);
+
   socks_request_clear(socks);
 
   /* SOCKS 5 Send RESOLVE_PTR [F1] for IP address 2.2.2.5 */