diff options
| author | Roger Dingledine <arma@torproject.org> | 2004-08-03 23:42:33 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2004-08-03 23:42:33 +0000 |
| commit | 8cb412412127dafd88e6b6a5b39a6b897f174a7c (patch) | |
| tree | 84e752113b8dc86c58e1265faef8267948abb685 /src/or/buffers.c | |
| parent | 849e998ac6c959429ee279a79ee1e5be5d9e7024 (diff) | |
| download | tor-8cb412412127dafd88e6b6a5b39a6b897f174a7c.tar tor-8cb412412127dafd88e6b6a5b39a6b897f174a7c.tar.gz | |
warn if we use an unsafe socks variant
for now, warn every time. we should decide how often we want to warn;
one problem here is that there are several scenarios where we use an
unsafe socks variant safely, so the warning may be inaccurate. hm.
svn:r2126
Diffstat (limited to 'src/or/buffers.c')
| -rw-r--r-- | src/or/buffers.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c index 661b1e158..222140e47 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -409,6 +409,10 @@ int fetch_from_buf_http(buf_t *buf, return 1; } +/** If the user connects with socks4 or the wrong variant of socks5, + * then log one warning to let him know that it might be unwise. */ +static int have_warned_about_unsafe_socks = 0; + /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one * of the forms * - socks4: "socksheader username\\0" @@ -480,6 +484,10 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) { log_fn(LOG_DEBUG,"socks5: ipv4 address type"); if(buf->datalen < 10) /* ip/port there? */ return 0; /* not yet */ + if(!have_warned_about_unsafe_socks) { + log_fn(LOG_WARN,"Your application is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead."); +// have_warned_about_unsafe_socks = 1; // (for now, warn every time) + } destip = ntohl(*(uint32_t*)(buf->mem+4)); in.s_addr = htonl(destip); tmpbuf = inet_ntoa(in); @@ -556,6 +564,10 @@ int fetch_from_buf_socks(buf_t *buf, socks_request_t *req) { } startaddr = next+1; + if(socks4_prot != socks4a && !have_warned_about_unsafe_socks) { + log_fn(LOG_WARN,"Your application is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead."); +// have_warned_about_unsafe_socks = 1; // (for now, warn every time) + } if(socks4_prot == socks4a) { next = memchr(startaddr, 0, buf->mem+buf->datalen-startaddr); if(!next) { |