Commit 283c61e5 authored by Roger Dingledine's avatar Roger Dingledine
Browse files

If the socks handshake hasn't started, don't send a

"DNS resolve socks failed" handshake reply; just close it.


svn:r9437
parent baeeadb6
......@@ -36,6 +36,8 @@ Changes in version 0.1.2.7-alpha - 2007-??-??
- Expire socks connections if they spend too long waiting for the
handshake to finish. Previously we would let them sit around for
days, if the connecting application didn't close them either.
- And if the socks handshake hasn't started, don't send a
"DNS resolve socks failed" handshake reply; just close it.
- Stop using C functions that OpenBSD's linker doesn't like.
- Detect and reject DNS replies containing IPv4 or IPv6 records with
an incorrect number of bytes. (Previously, we would ignore the
......
......@@ -380,8 +380,9 @@ connection_ap_expire_beginning(void)
if (conn->_base.state == AP_CONN_STATE_SOCKS_WAIT) {
/* extra debugging */
log_fn(severity, LD_APP,
"Hints: inbuf len %lu, socks: version %d, command %d, "
"has_finished %d, address %s, port %d.",
"Hints: is_reading %d, inbuf len %lu, socks: version %d, "
"command %d, has_finished %d, address %s, port %d.",
connection_is_reading(TO_CONN(conn)),
(unsigned long)buf_datalen(conn->_base.inbuf),
(int)conn->socks_request->socks_version,
conn->socks_request->command,
......@@ -1958,7 +1959,7 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
memset(buf+2, 0, 6);
replylen = SOCKS4_NETWORK_LEN;
}
} else {
} else if (conn->socks_request->socks_version == 5) {
/* SOCKS5 */
buf[0] = 0x05; /* version */
if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
......@@ -1988,6 +1989,9 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
memset(buf+2, 0, 8);
replylen = 10;
}
} else {
/* no socks version info; don't send anything back */
return;
}
connection_ap_handshake_socks_reply(conn, buf, replylen,
(answer_type == RESOLVED_TYPE_IPV4 ||
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment