diff options
| author | Roger Dingledine <arma@torproject.org> | 2007-01-27 18:56:13 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2007-01-27 18:56:13 +0000 |
| commit | 283c61e5d59c161059a6ffe91d36c18c5de48bd6 (patch) | |
| tree | c7539274669d17ea36d82b8472ad3615215f3742 | |
| parent | baeeadb6ebef8788e456ef5db4dafa76bcd2f7c0 (diff) | |
| download | tor-283c61e5d59c161059a6ffe91d36c18c5de48bd6.tar tor-283c61e5d59c161059a6ffe91d36c18c5de48bd6.tar.gz | |
If the socks handshake hasn't started, don't send a
"DNS resolve socks failed" handshake reply; just close it.
svn:r9437
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 10 |
2 files changed, 9 insertions, 3 deletions
@@ -36,6 +36,8 @@ Changes in version 0.1.2.7-alpha - 2007-??-?? - Expire socks connections if they spend too long waiting for the handshake to finish. Previously we would let them sit around for days, if the connecting application didn't close them either. + - And if the socks handshake hasn't started, don't send a + "DNS resolve socks failed" handshake reply; just close it. - Stop using C functions that OpenBSD's linker doesn't like. - Detect and reject DNS replies containing IPv4 or IPv6 records with an incorrect number of bytes. (Previously, we would ignore the diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 7b2f95eea..f82b1bab2 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -380,8 +380,9 @@ connection_ap_expire_beginning(void) if (conn->_base.state == AP_CONN_STATE_SOCKS_WAIT) { /* extra debugging */ log_fn(severity, LD_APP, - "Hints: inbuf len %lu, socks: version %d, command %d, " - "has_finished %d, address %s, port %d.", + "Hints: is_reading %d, inbuf len %lu, socks: version %d, " + "command %d, has_finished %d, address %s, port %d.", + connection_is_reading(TO_CONN(conn)), (unsigned long)buf_datalen(conn->_base.inbuf), (int)conn->socks_request->socks_version, conn->socks_request->command, @@ -1958,7 +1959,7 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn, memset(buf+2, 0, 6); replylen = SOCKS4_NETWORK_LEN; } - } else { + } else if (conn->socks_request->socks_version == 5) { /* SOCKS5 */ buf[0] = 0x05; /* version */ if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) { @@ -1988,6 +1989,9 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn, memset(buf+2, 0, 8); replylen = 10; } + } else { + /* no socks version info; don't send anything back */ + return; } connection_ap_handshake_socks_reply(conn, buf, replylen, (answer_type == RESOLVED_TYPE_IPV4 || |