diff options
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/buffers.c | 29 | ||||
| -rw-r--r-- | src/or/config.c | 1 | ||||
| -rw-r--r-- | src/or/or.h | 4 |
3 files changed, 22 insertions, 12 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c index 4dbd9a7a0..970c1888c 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1402,19 +1402,21 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, if (req->command != SOCKS_COMMAND_RESOLVE_PTR && !addressmap_have_mapping(req->address,0) && !have_warned_about_unsafe_socks) { - log_warn(LD_APP, - "Your application (using socks5 to port %d) is giving " - "Tor only an IP address. Applications that do DNS resolves " - "themselves may leak information. Consider using Socks4A " - "(e.g. via privoxy or socat) instead. For more information, " - "please see https://wiki.torproject.org/TheOnionRouter/" - "TorFAQ#SOCKSAndDNS.%s", req->port, - safe_socks ? " Rejecting." : ""); - /*have_warned_about_unsafe_socks = 1;*/ + if (get_options()->WarnUnsafeSocks) { + log_warn(LD_APP, + "Your application (using socks5 to port %d) is giving " + "Tor only an IP address. Applications that do DNS resolves " + "themselves may leak information. Consider using Socks4A " + "(e.g. via privoxy or socat) instead. For more information, " + "please see https://wiki.torproject.org/TheOnionRouter/" + "TorFAQ#SOCKSAndDNS.%s", req->port, + safe_socks ? " Rejecting." : ""); + /*have_warned_about_unsafe_socks = 1;*/ /*(for now, warn every time)*/ control_event_client_status(LOG_WARN, "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d", req->address, req->port); + } if (safe_socks) return -1; } @@ -1516,7 +1518,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, if (socks4_prot != socks4a && !addressmap_have_mapping(tmpbuf,0) && !have_warned_about_unsafe_socks) { - log_warn(LD_APP, + if (get_options()->WarnUnsafeSocks) { + log_warn(LD_APP, "Your application (using socks4 to port %d) is giving Tor " "only an IP address. Applications that do DNS resolves " "themselves may leak information. Consider using Socks4A " @@ -1524,10 +1527,12 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req, "please see https://wiki.torproject.org/TheOnionRouter/" "TorFAQ#SOCKSAndDNS.%s", req->port, safe_socks ? " Rejecting." : ""); - /*have_warned_about_unsafe_socks = 1;*/ /*(for now, warn every time)*/ - control_event_client_status(LOG_WARN, + /*have_warned_about_unsafe_socks = 1;*/ + /*(for now, warn every time)*/ + control_event_client_status(LOG_WARN, "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d", tmpbuf, req->port); + } if (safe_socks) return -1; } diff --git a/src/or/config.c b/src/or/config.c index efd8a27b3..954ada637 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -280,6 +280,7 @@ static config_var_t _option_vars[] = { V(NatdListenAddress, LINELIST, NULL), V(NatdPort, UINT, "0"), V(Nickname, STRING, NULL), + V(WarnUnsafeSocks, BOOL, "1"), V(NoPublish, BOOL, "0"), VAR("NodeFamily", LINELIST, NodeFamilies, NULL), V(NumCpus, UINT, "1"), diff --git a/src/or/or.h b/src/or/or.h index 832bdd696..f922de2d8 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2701,6 +2701,10 @@ typedef struct { * selection. */ int AllowDotExit; + /** If true, we will warn if a user gives us only an IP address + * instead of a hostname. */ + int WarnUnsafeSocks; + /** If true, the user wants us to collect statistics on clients * requesting network statuses from us as directory. */ int DirReqStatistics; |