aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorRobert Ransom <rransom.8774@gmail.com>2011-05-31 07:05:40 -0700
committerNick Mathewson <nickm@torproject.org>2011-11-30 14:54:15 -0500
commitebf524b48b0340ed3b2bfc1d652e3d65b3aee11c (patch)
treefe25dead4b9b185c9ab5d4013f72db0bca911449 /src/or
parent5f3e6eb0b9b450c81bd54d5dd87ff786a6d1ffea (diff)
downloadtor-ebf524b48b0340ed3b2bfc1d652e3d65b3aee11c.tar
tor-ebf524b48b0340ed3b2bfc1d652e3d65b3aee11c.tar.gz
Don't allow tor2web-mode Tors to connect to non-HS addresses
The client's anonymity when accessing a non-HS address in tor2web-mode would be easily nuked by inserting an inline image with a .onion URL, so don't even pretend to access non-HS addresses through Tor.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/connection_edge.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index efaad79b6..bba666d3b 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1892,6 +1892,14 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
return -1;
}
+ if (options->Tor2webMode) {
+ log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname %s "
+ "because tor2web mode is enabled.",
+ safe_str_client(socks->address));
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
+ return -1;
+ }
+
if (socks->command == SOCKS_COMMAND_RESOLVE) {
uint32_t answer;
struct in_addr in;