From 93dc7dcf418f37023b5a1e3f4e8485d8286996b4 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 31 Oct 2012 11:26:00 -0400 Subject: Reject IPv4 or IPv6 addresses from the user depending on SOCKS settings --- src/or/connection_edge.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 373edf71ab..dc7d863f49 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1148,6 +1148,30 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, } } + { + tor_addr_t addr; + /* XXX Duplicate call to tor_addr_parse. */ + if (tor_addr_parse(&addr, socks->address) >= 0) { + sa_family_t family = tor_addr_family(&addr); + if ((family == AF_INET && ! conn->ipv4_traffic_ok) || + (family == AF_INET6 && ! conn->ipv4_traffic_ok)) { + log_warn(LD_NET, "Rejecting SOCKS request for an IP address " + "family that this listener does not support."); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } else if (family == AF_INET6 && socks->socks_version == 4) { + log_warn(LD_NET, "Rejecting SOCKS4 request for an IPv6 address."); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } else if (socks->socks_version == 4 && !conn->ipv4_traffic_ok) { + log_warn(LD_NET, "Rejecting SOCKS4 request on a listener with " + "no IPv4 traffic supported."); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } + } + } + if (!conn->use_begindir && !conn->chosen_exit_name && !circ) { /* see if we can find a suitable enclave exit */ const node_t *r = -- cgit v1.2.3-54-g00ecf