[tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 21 17:20:33 UTC 2014
#13315: Our SOCKS hostname validation is overly lax.
-------------------------+-------------------------------------
Reporter: yawning | Owner: rl1987
Type: defect | Status: needs_revision
Priority: normal | Milestone:
Component: Tor | Version: Tor: unspecified
Resolution: | Keywords: tor-client, easy, socks
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------
Changes (by yawning):
* status: needs_review => needs_revision
Comment:
Minor nitpicks:
* Instead of `inet_pton()`, use `tor_inet_pton()`. IIRC the only
platform that requires this isn't supported anymore (WinXP), but no reason
to make portability worse when the routine already exists.
* Do we want to separate ipv4 vs ipv6 string validation?
`string_is_ip_address(int family, const char* addr);` would be how I would
have done it, but that's just me.
* Per nickm: "my only question is whether we really want to do the "IP
address in place of a hostname means a dns leak" thing.". I will defer to
his judgement here, changing it is easy in any case.
* If we do end up rejecting such cases depending on `safe_socks`, use the
spiffy new error routine you wrote and
`socks_request_set_socks5_error(req, SOCKS5_NOT_ALLOWED);`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13315#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list