prevent tor accepting dns requests on dnsport initiated by itself
Robert Hogan
robert at roberthogan.net
Thu Jun 21 21:53:08 UTC 2007
This would also prevent the user resolving a dns request if it coincided
exactly with the very same request by tor. I don't know how likely this would
be in practice - I certainly haven't been quick enough on the draw.
It also misuses search_origname to store the request name for ordinary
lookups rather than just searches.
If this is the only objection to it, I could just add a new field to the
request struct and resubmit.
Index: src/or/dnsserv.c
===================================================================
--- src/or/dnsserv.c (revision 10649)
+++ src/or/dnsserv.c (working copy)
@@ -99,6 +99,11 @@
tor_assert(q->type == EVDNS_TYPE_PTR);
}
+ if (request_find_from_name(q->name)){
+ err = DNS_ERR_REFUSED;
+ log_warn(LD_APP, "Refusing DNS request initiated by Tor.");
+ }
+
/* Make sure the name isn't too long: This should be impossible, I think.
*/
if (err == DNS_ERR_NONE && strlen(q->name) > MAX_SOCKS_ADDR_LEN-1)
err = DNS_ERR_FORMAT;
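Review bot: The new `if (request_find_from_name(q->name))` block overwrites whatever `err` already holds and cannot tell Tor's own lookup apart from a client's lookup of the same name, so the refusal applies to both — the collision the description admits is inherent to matching on name alone rather than on the request's origin. Guard it like the length check that follows, `if (err == DNS_ERR_NONE && request_find_from_name(q->name)) {`, so an earlier error code is preserved. `log_warn` on a path that ordinary client queries reach will fill the log; `log_info` (or a rate-limited warning) fits the situation better. The enclosing function starts before the hunk.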
Index: src/or/eventdns.c
===================================================================
--- src/or/eventdns.c (revision 10649)
+++ src/or/eventdns.c (working copy)
@@ -443,6 +443,27 @@
return NULL;
}
+// This walks the list of inflight requests to find the
+// one with a matching name request. Returns 1 on
+// success, 0 on failure
+int
+request_find_from_name(const char *name) {
+ struct request *req = req_head, *const started_at = req_head;
+
+ if (req) {
+ do {
+ log(EVDNS_LOG_WARN, "inflight %s with %s",
req->search_origname,name);
+ if (req->search_origname){
+ if (!strcmp(req->search_origname,name))
+ return 1;
+ }
+ req = req->next;
+ } while (req != started_at);
+ }
+
+ return 0;
+}
+
// a libevent callback function which is called when a nameserver
// has gone down and we want to test if it has came back to life yet
static void
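Review bot: The `log(EVDNS_LOG_WARN, "inflight %s with %s", req->search_origname, name)` call passes `req->search_origname` through `%s` before the `if (req->search_origname)` test two lines later, which is undefined behavior for any in-flight request that has no stored name, and it fires once per in-flight request per lookup at warning level. Move it under that guard and lower it to a debug level, or drop it altogether since it reads as leftover debugging. The match uses `strcmp`, but DNS names are case-insensitive, so the same name queried in a different case is not recognized; a case-insensitive compare would be more accurate if one is available in the file. The other names exported from eventdns.h carry an `evdns_` prefix while `request_find_from_name` is non-static and unprefixed, so it lands in the global namespace; `evdns_request_find_from_name` would follow the file's convention.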
@@ -2220,6 +2241,7 @@
if (rlen < 0)
goto err1;
req->request_len = rlen;
+ req->search_origname = strdup(name);
req->trans_id = trans_id;
req->tx_count = 0;
req->request_type = type;
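Review bot: `req->search_origname = strdup(name);` now allocates for every request, so every request teardown path must free the field and any later assignment to it (the description says it is normally set only for searches) must release this copy first or it leaks; neither the release nor the other assignment is in the hunk, so this is inferred from the description and should be confirmed. The `strdup` result is unchecked: on allocation failure the field stays NULL, which the lookup tolerates, but the refusal then silently does not apply to that request. A dedicated field, as the description proposes, would avoid overloading the search bookkeeping and make the ownership rule explicit. The enclosing function starts before the hunk.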
Index: src/or/eventdns.h
===================================================================
--- src/or/eventdns.h (revision 10649)
+++ src/or/eventdns.h (working copy)
@@ -277,7 +277,9 @@
void evdns_search_clear(void);
void evdns_search_add(const char *domain);
void evdns_search_ndots_set(const int ndots);
+int request_find_from_name(const char *name);