[or-cvs] r9336: Check addresses for rfc953-saneness at exit too, and give a (in tor/trunk: . doc src/or)
nickm at seul.org
nickm at seul.org
Thu Jan 11 16:02:49 UTC 2007
Author: nickm
Date: 2007-01-11 11:02:39 -0500 (Thu, 11 Jan 2007)
New Revision: 9336
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/doc/tor.1.in
tor/trunk/src/or/config.c
tor/trunk/src/or/connection_edge.c
tor/trunk/src/or/control.c
tor/trunk/src/or/dns.c
tor/trunk/src/or/or.h
Log:
r11938 at Kushana: nickm | 2007-01-11 11:02:28 -0500
Check addresses for rfc953-saneness at exit too, and give a PROTOCOL_WARN when they fail. Also provide a mechanism to override this, so blossom can have its @@##$$^.whatever.exit hostnames if it wants.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r11938] on c95137ef-5f19-0410-b913-86e773d04f59
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-01-11 15:54:30 UTC (rev 9335)
+++ tor/trunk/ChangeLog 2007-01-11 16:02:39 UTC (rev 9336)
@@ -1,4 +1,10 @@
Changes in version 0.1.2.7-alpha - 2007-??-??
+
+ o Minor features:
+ - Check for addresses with invalid characters at the exit as well as at
+ the client, and warn less verbosely when they fail. You can override
+ this by setting ServerDNSAllowNonRFC953Addresses to 1.
+
o Major bugfixes:
- Fix a crash bug in the presence of DNS hijacking (reported by Andrew
Del Vecchio).
Modified: tor/trunk/doc/tor.1.in
===================================================================
--- tor/trunk/doc/tor.1.in 2007-01-11 15:54:30 UTC (rev 9335)
+++ tor/trunk/doc/tor.1.in 2007-01-11 16:02:39 UTC (rev 9336)
@@ -501,7 +501,7 @@
.LP
.TP
\fBAllowNonRFC953Hostnames \fR\fB0\fR|\fB1\fR\fP
-When this option is enabled, Tor blocks hostnames containing illegal
+When this option is disabled, Tor blocks hostnames containing illegal
characters (like @ and :) rather than sending them to an exit node to be
resolved. This helps trap accidental attempts to resolve URLs and so on.
(Default: 0)
@@ -717,6 +717,12 @@
completely useless, and we'll reset our exit policy to "reject *:*".
(Defaults to "www.google.com, www.mit.edu, www.yahoo.com,
www.slashdot.org".)
+\fBServerDNSAllowNonRFC953Hostnames \fR\fB0\fR|\fB1\fR\fP
+When this option is disabled, Tor does not try to resolve hostnames
+containing illegal characters (like @ and :) rather than sending them to an
+exit node to be resolved. This helps trap accidental attempts to resolve
+URLs and so on.
+(Default: 0)
.SH DIRECTORY SERVER OPTIONS
.PP
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2007-01-11 15:54:30 UTC (rev 9335)
+++ tor/trunk/src/or/config.c 2007-01-11 16:02:39 UTC (rev 9336)
@@ -230,6 +230,8 @@
VAR("RunTesting", BOOL, RunTesting, "0"),
VAR("SafeLogging", BOOL, SafeLogging, "1"),
VAR("SafeSocks", BOOL, SafeSocks, "0"),
+ VAR("ServerDNSAllowNonRFC953Hostnames", BOOL,
+ ServerDNSAllowNonRFC953Hostnames, "0"),
VAR("ServerDNSDetectHijacking",BOOL, ServerDNSDetectHijacking,"1"),
VAR("ServerDNSResolvConfFile", STRING, ServerDNSResolvConfFile, NULL),
VAR("ServerDNSSearchDomains", BOOL, ServerDNSSearchDomains, "0"),
@@ -3116,7 +3118,7 @@
if (smartlist_len(elts) >= 2) {
from = smartlist_get(elts,0);
to = smartlist_get(elts,1);
- if (address_is_invalid_destination(to)) {
+ if (address_is_invalid_destination(to, 1)) {
log_warn(LD_CONFIG,
"Skipping invalid argument '%s' to MapAddress", to);
} else {
Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c 2007-01-11 15:54:30 UTC (rev 9335)
+++ tor/trunk/src/or/connection_edge.c 2007-01-11 16:02:39 UTC (rev 9336)
@@ -1082,14 +1082,21 @@
return *addrp;
}
-/** Return 1 if <b>address</b> has funny characters in it like
- * colons. Return 0 if it's fine.
+/** Return 1 if <b>address</b> has funny characters in it like colons. Return
+ * 0 if it's fine, or if we're configured to allow it anyway. <b>client</b>
+ * should be true if we're using this address as a client; false if we're
+ * using it as a server.
*/
int
-address_is_invalid_destination(const char *address)
+address_is_invalid_destination(const char *address, int client)
{
- if (get_options()->AllowNonRFC953Hostnames)
- return 0;
+ if (client) {
+ if (get_options()->AllowNonRFC953Hostnames)
+ return 0;
+ } else {
+ if (get_options()->ServerDNSAllowNonRFC953Hostnames)
+ return 0;
+ }
while (*address) {
if (TOR_ISALNUM(*address) ||
@@ -1234,7 +1241,7 @@
if (addresstype != ONION_HOSTNAME) {
/* not a hidden-service request (i.e. normal or .exit) */
- if (address_is_invalid_destination(socks->address)) {
+ if (address_is_invalid_destination(socks->address, 1)) {
log_warn(LD_APP,
"Destination '%s' seems to be an invalid hostname. Failing.",
safe_str(socks->address));
Modified: tor/trunk/src/or/control.c
===================================================================
--- tor/trunk/src/or/control.c 2007-01-11 15:54:30 UTC (rev 9335)
+++ tor/trunk/src/or/control.c 2007-01-11 16:02:39 UTC (rev 9336)
@@ -1350,7 +1350,7 @@
const char *to = smartlist_get(elts,1);
size_t anslen = strlen(line)+512;
char *ans = tor_malloc(anslen);
- if (address_is_invalid_destination(to)) {
+ if (address_is_invalid_destination(to, 1)) {
if (!v0) {
tor_snprintf(ans, anslen,
"512-syntax error: invalid address '%s'", to);
Modified: tor/trunk/src/or/dns.c
===================================================================
--- tor/trunk/src/or/dns.c 2007-01-11 15:54:30 UTC (rev 9335)
+++ tor/trunk/src/or/dns.c 2007-01-11 16:02:39 UTC (rev 9336)
@@ -584,6 +584,20 @@
send_resolved_cell(exitconn, oncirc, RESOLVED_TYPE_IPV4);
return 1;
}
+ if (address_is_invalid_destination(exitconn->_base.address, 0)) {
+ log(LOG_PROTOCOL_WARN, LD_EXIT,
+ "Rejecting invalid destination address %s",
+ escaped_safe_str(exitconn->_base.address));
+ if (is_resolve)
+ send_resolved_cell(exitconn, oncirc, RESOLVED_TYPE_ERROR);
+ /* XXXX012 send error in connect case? -NM */
+ circ = circuit_get_by_edge_conn(exitconn);
+ if (circ)
+ circuit_detach_stream(circ, exitconn);
+ if (!exitconn->_base.marked_for_close)
+ connection_free(TO_CONN(exitconn));
+ return -1;
+ }
/* then take this opportunity to see if there are any expired
* resolves in the hash table. */
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2007-01-11 15:54:30 UTC (rev 9335)
+++ tor/trunk/src/or/or.h 2007-01-11 16:02:39 UTC (rev 9336)
@@ -1671,6 +1671,8 @@
* support BEGIN_DIR, when possible. */
int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames
* with weird characters. */
+ /** If true, we try resolving hostnames with weird characters. */
+ int ServerDNSAllowNonRFC953Hostnames;
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
@@ -2094,7 +2096,7 @@
int reason);
int connection_ap_process_transparent(edge_connection_t *conn);
-int address_is_invalid_destination(const char *address);
+int address_is_invalid_destination(const char *address, int client);
void addressmap_init(void);
void addressmap_clean(time_t now);
More information about the tor-commits
mailing list