Commit 847e001d authored by Yawning Angel's avatar Yawning Angel
Browse files

Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.

The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
parent 53255e92
o Minor bugfixes (client, unix domain sockets):
- Disable IsolateClientAddr when using AF_UNIX backed SocksPorts
as the client address is meaningless. Fixes bug 20261; bugfix on
......@@ -1046,8 +1046,9 @@ The following options are useful only for clients (that is, if
another. Recognized isolation flags are:
Don't share circuits with streams from a different
client address. (On by default and strongly recommended;
you can disable it with **NoIsolateClientAddr**.)
client address. (On by default and strongly recommended when
supported; you can disable it with **NoIsolateClientAddr**.
Unsupported and force-disabled when using Unix domain sockets.)
Don't share circuits with streams for which different
SOCKS authentication was provided. (On by default;
......@@ -6838,6 +6838,13 @@ parse_port_config(smartlist_t *out,
goto err;
if (unix_socket_path && (isolation & ISO_CLIENTADDR)) {
/* `IsolateClientAddr` is nonsensical in the context of AF_LOCAL.
* just silently remove the isolation flag.
isolation &= ~ISO_CLIENTADDR;
if (out && port) {
size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
port_cfg_t *cfg = port_cfg_new(namelen);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment