commit 8068776cafdf42fbc1cd5c8d4751c657ddbb33ed
Author: David Goulet <[email protected]>
Date:   Thu Nov 7 21:26:12 2013 -0500

    Fix: check if address is local after onion lookup
    
    Perform the .onion address lookup before we check if the address is local
    (in the loopback network range). By default, onion cookies are in that
    range (127.42.42.x).
    
    Signed-off-by: David Goulet <[email protected]>
---
 src/lib/connect.c |   24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/lib/connect.c b/src/lib/connect.c
index ab2e082..bdc9e6f 100644
--- a/src/lib/connect.c
+++ b/src/lib/connect.c
@@ -71,16 +71,6 @@ LIBC_CONNECT_RET_TYPE tsocks_connect(LIBC_CONNECT_SIG)
 
        inet_addr = (struct sockaddr_in *) __addr;
 
-       /* Check if address is local IPv4. */
-       if (__addr->sa_family == AF_INET &&
-                       utils_is_ipv4_local(inet_addr->sin_addr.s_addr)) {
-               WARN("[connect] Connection to a local address are denied since 
it "
-                               "might be a TCP DNS query to a local DNS 
server. "
-                               "Rejecting it for safety reasons.");
-               errno = EPERM;
-               goto error;
-       }
-
        /*
         * Lock registry to get the connection reference if one. In this code 
path,
         * if a connection object is found, it will not be used since a double
@@ -104,7 +94,6 @@ LIBC_CONNECT_RET_TYPE tsocks_connect(LIBC_CONNECT_SIG)
        on_entry = onion_entry_find_by_ip(inet_addr->sin_addr.s_addr,
                        &tsocks_onion_pool);
        onion_pool_unlock(&tsocks_onion_pool);
-
        if (on_entry) {
                /*
                 * Create a connection without a destination address since we 
will set
@@ -119,6 +108,19 @@ LIBC_CONNECT_RET_TYPE tsocks_connect(LIBC_CONNECT_SIG)
                new_conn->dest_addr.hostname.addr = strdup(on_entry->hostname);
                new_conn->dest_addr.hostname.port = inet_addr->sin_port;
        } else {
+               /*
+                * Check if address is local IPv4. At this point, we are sure 
it's not
+                * a .onion cookie address that is by default in the loopback 
network.
+                */
+               if (__addr->sa_family == AF_INET &&
+                               
utils_is_ipv4_local(inet_addr->sin_addr.s_addr)) {
+                       WARN("[connect] Connection to a local address are 
denied since it "
+                                       "might be a TCP DNS query to a local 
DNS server. "
+                                       "Rejecting it for safety reasons.");
+                       errno = EPERM;
+                       goto error;
+               }
+
                new_conn = connection_create(__sockfd, __addr);
                if (!new_conn) {
                        errno = ENOMEM;
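Review bot: The loopback rejection added in the else branch still runs only when `__addr->sa_family == AF_INET`, so an AF_INET6 destination (`::1`, or an IPv4-mapped loopback address) is not covered by it. If IPv6 is not rejected earlier in tsocks_connect, which these hunks do not show, a local TCP DNS query over IPv6 would pass the check. Relatedly, the onion lookup in the previous hunk reads `inet_addr->sin_addr.s_addr` with no family test visible before it, so for a non-IPv4 sockaddr the cookie match would run on unrelated bytes. I would either add a sibling test for the IPv6 case (for example with `IN6_IS_ADDR_LOOPBACK` on the `sockaddr_in6` address) or, once it is confirmed, extend the new comment with a line such as `/* IPv6 destinations are filtered before this point. */`. The function body starts and ends outside the hunk.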


