Loading changes/ticket40730 0 → 100644 +5 −0 Original line number Diff line number Diff line o Major bugfixes (TROVE-2022-002, client): - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha. src/core/proto/proto_socks.c +1 −1 Original line number Diff line number Diff line Loading @@ -233,7 +233,7 @@ static socks_result_t process_socks4_request(const socks_request_t *req, int is_socks4a, int log_sockstype, int safe_socks) { if (is_socks4a && !addressmap_have_mapping(req->address, 0)) { if (!is_socks4a && !addressmap_have_mapping(req->address, 0)) { log_unsafe_socks_warning(4, req->address, req->port, safe_socks); if (safe_socks) Loading Loading
changes/ticket40730 0 → 100644 +5 −0 Original line number Diff line number Diff line o Major bugfixes (TROVE-2022-002, client): - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha.
src/core/proto/proto_socks.c +1 −1 Original line number Diff line number Diff line Loading @@ -233,7 +233,7 @@ static socks_result_t process_socks4_request(const socks_request_t *req, int is_socks4a, int log_sockstype, int safe_socks) { if (is_socks4a && !addressmap_have_mapping(req->address, 0)) { if (!is_socks4a && !addressmap_have_mapping(req->address, 0)) { log_unsafe_socks_warning(4, req->address, req->port, safe_socks); if (safe_socks) Loading
