Commit c1b5f536 authored by Nick Mathewson's avatar Nick Mathewson 🥄

r11938@Kushana: nickm | 2007-01-11 11:02:28 -0500

 Check addresses for rfc953-saneness at exit too, and give a PROTOCOL_WARN when they fail.  Also provide a mechanism to override this, so blossom can have its @@##$$^.whatever.exit hostnames if it wants.


svn:r9336
parent 3dfeaaaf
Changes in version 0.1.2.7-alpha - 2007-??-?? Changes in version 0.1.2.7-alpha - 2007-??-??
o Minor features:
- Check for addresses with invalid characters at the exit as well as at
the client, and warn less verbosely when they fail. You can override
this by setting ServerDNSAllowNonRFC953Addresses to 1.
o Major bugfixes: o Major bugfixes:
- Fix a crash bug in the presence of DNS hijacking (reported by Andrew - Fix a crash bug in the presence of DNS hijacking (reported by Andrew
Del Vecchio). Del Vecchio).
......
...@@ -501,7 +501,7 @@ When a controller asks for a virtual (unused) address with the ...@@ -501,7 +501,7 @@ When a controller asks for a virtual (unused) address with the
.LP .LP
.TP .TP
\fBAllowNonRFC953Hostnames \fR\fB0\fR|\fB1\fR\fP \fBAllowNonRFC953Hostnames \fR\fB0\fR|\fB1\fR\fP
When this option is enabled, Tor blocks hostnames containing illegal When this option is disabled, Tor blocks hostnames containing illegal
characters (like @ and :) rather than sending them to an exit node to be characters (like @ and :) rather than sending them to an exit node to be
resolved. This helps trap accidental attempts to resolve URLs and so on. resolved. This helps trap accidental attempts to resolve URLs and so on.
(Default: 0) (Default: 0)
...@@ -717,6 +717,12 @@ addresses aren't getting redirected. If they are, then our DNS is ...@@ -717,6 +717,12 @@ addresses aren't getting redirected. If they are, then our DNS is
completely useless, and we'll reset our exit policy to "reject *:*". completely useless, and we'll reset our exit policy to "reject *:*".
(Defaults to "www.google.com, www.mit.edu, www.yahoo.com, (Defaults to "www.google.com, www.mit.edu, www.yahoo.com,
www.slashdot.org".) www.slashdot.org".)
\fBServerDNSAllowNonRFC953Hostnames \fR\fB0\fR|\fB1\fR\fP
When this option is disabled, Tor does not try to resolve hostnames
containing illegal characters (like @ and :) rather than sending them to an
exit node to be resolved. This helps trap accidental attempts to resolve
URLs and so on.
(Default: 0)
.SH DIRECTORY SERVER OPTIONS .SH DIRECTORY SERVER OPTIONS
.PP .PP
......
...@@ -230,6 +230,8 @@ static config_var_t _option_vars[] = { ...@@ -230,6 +230,8 @@ static config_var_t _option_vars[] = {
VAR("RunTesting", BOOL, RunTesting, "0"), VAR("RunTesting", BOOL, RunTesting, "0"),
VAR("SafeLogging", BOOL, SafeLogging, "1"), VAR("SafeLogging", BOOL, SafeLogging, "1"),
VAR("SafeSocks", BOOL, SafeSocks, "0"), VAR("SafeSocks", BOOL, SafeSocks, "0"),
VAR("ServerDNSAllowNonRFC953Hostnames", BOOL,
ServerDNSAllowNonRFC953Hostnames, "0"),
VAR("ServerDNSDetectHijacking",BOOL, ServerDNSDetectHijacking,"1"), VAR("ServerDNSDetectHijacking",BOOL, ServerDNSDetectHijacking,"1"),
VAR("ServerDNSResolvConfFile", STRING, ServerDNSResolvConfFile, NULL), VAR("ServerDNSResolvConfFile", STRING, ServerDNSResolvConfFile, NULL),
VAR("ServerDNSSearchDomains", BOOL, ServerDNSSearchDomains, "0"), VAR("ServerDNSSearchDomains", BOOL, ServerDNSSearchDomains, "0"),
...@@ -3116,7 +3118,7 @@ config_register_addressmaps(or_options_t *options) ...@@ -3116,7 +3118,7 @@ config_register_addressmaps(or_options_t *options)
if (smartlist_len(elts) >= 2) { if (smartlist_len(elts) >= 2) {
from = smartlist_get(elts,0); from = smartlist_get(elts,0);
to = smartlist_get(elts,1); to = smartlist_get(elts,1);
if (address_is_invalid_destination(to)) { if (address_is_invalid_destination(to, 1)) {
log_warn(LD_CONFIG, log_warn(LD_CONFIG,
"Skipping invalid argument '%s' to MapAddress", to); "Skipping invalid argument '%s' to MapAddress", to);
} else { } else {
......
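Review bot: The option registered in `_option_vars` is `ServerDNSAllowNonRFC953Hostnames`, but the ChangeLog entry in this same commit tells operators to set `ServerDNSAllowNonRFC953Addresses`, a name no `VAR(...)` line in the visible hunk defines. An exit operator following the ChangeLog would presumably get a config error instead of the override, so that line should read `this by setting ServerDNSAllowNonRFC953Hostnames to 1.`. The man-page paragraph added for this option also still says "rather than sending them to an exit node to be resolved", which describes the client-side option and not the exit-side check.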
...@@ -1082,14 +1082,21 @@ addressmap_register_virtual_address(int type, char *new_address) ...@@ -1082,14 +1082,21 @@ addressmap_register_virtual_address(int type, char *new_address)
return *addrp; return *addrp;
} }
/** Return 1 if <b>address</b> has funny characters in it like /** Return 1 if <b>address</b> has funny characters in it like colons. Return
* colons. Return 0 if it's fine. * 0 if it's fine, or if we're configured to allow it anyway. <b>client</b>
* should be true if we're using this address as a client; false if we're
* using it as a server.
*/ */
int int
address_is_invalid_destination(const char *address) address_is_invalid_destination(const char *address, int client)
{ {
if (get_options()->AllowNonRFC953Hostnames) if (client) {
return 0; if (get_options()->AllowNonRFC953Hostnames)
return 0;
} else {
if (get_options()->ServerDNSAllowNonRFC953Hostnames)
return 0;
}
while (*address) { while (*address) {
if (TOR_ISALNUM(*address) || if (TOR_ISALNUM(*address) ||
...@@ -1234,7 +1241,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn, ...@@ -1234,7 +1241,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
if (addresstype != ONION_HOSTNAME) { if (addresstype != ONION_HOSTNAME) {
/* not a hidden-service request (i.e. normal or .exit) */ /* not a hidden-service request (i.e. normal or .exit) */
if (address_is_invalid_destination(socks->address)) { if (address_is_invalid_destination(socks->address, 1)) {
log_warn(LD_APP, log_warn(LD_APP,
"Destination '%s' seems to be an invalid hostname. Failing.", "Destination '%s' seems to be an invalid hostname. Failing.",
safe_str(socks->address)); safe_str(socks->address));
......
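Review bot: The new `client` parameter of `address_is_invalid_destination` is a bare int flag, so call sites read `(..., 1)` or `(..., 0)` with nothing to show which override applies. A wrong literal would silently subject exit-side input to the client's `AllowNonRFC953Hostnames` setting, or the reverse. I would annotate the literal at each call, e.g. `address_is_invalid_destination(socks->address, 1 /* client */)`, or introduce two named constants for the argument. The two nested branches could also collapse to one lookup: `if (client ? o->AllowNonRFC953Hostnames : o->ServerDNSAllowNonRFC953Hostnames) return 0;` with `o = get_options()`. The character loop that follows continues outside the hunk, so nothing here says whether an empty `address` is accepted.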
...@@ -1350,7 +1350,7 @@ handle_control_mapaddress(control_connection_t *conn, uint32_t len, ...@@ -1350,7 +1350,7 @@ handle_control_mapaddress(control_connection_t *conn, uint32_t len,
const char *to = smartlist_get(elts,1); const char *to = smartlist_get(elts,1);
size_t anslen = strlen(line)+512; size_t anslen = strlen(line)+512;
char *ans = tor_malloc(anslen); char *ans = tor_malloc(anslen);
if (address_is_invalid_destination(to)) { if (address_is_invalid_destination(to, 1)) {
if (!v0) { if (!v0) {
tor_snprintf(ans, anslen, tor_snprintf(ans, anslen,
"512-syntax error: invalid address '%s'", to); "512-syntax error: invalid address '%s'", to);
......
...@@ -584,6 +584,20 @@ dns_resolve(edge_connection_t *exitconn, or_circuit_t *oncirc) ...@@ -584,6 +584,20 @@ dns_resolve(edge_connection_t *exitconn, or_circuit_t *oncirc)
send_resolved_cell(exitconn, oncirc, RESOLVED_TYPE_IPV4); send_resolved_cell(exitconn, oncirc, RESOLVED_TYPE_IPV4);
return 1; return 1;
} }
if (address_is_invalid_destination(exitconn->_base.address, 0)) {
log(LOG_PROTOCOL_WARN, LD_EXIT,
"Rejecting invalid destination address %s",
escaped_safe_str(exitconn->_base.address));
if (is_resolve)
send_resolved_cell(exitconn, oncirc, RESOLVED_TYPE_ERROR);
/* XXXX012 send error in connect case? -NM */
circ = circuit_get_by_edge_conn(exitconn);
if (circ)
circuit_detach_stream(circ, exitconn);
if (!exitconn->_base.marked_for_close)
connection_free(TO_CONN(exitconn));
return -1;
}
/* then take this opportunity to see if there are any expired /* then take this opportunity to see if there are any expired
* resolves in the hash table. */ * resolves in the hash table. */
......
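Review bot: On the connect (non-resolve) path this new rejection branch in `dns_resolve` detaches and frees the stream without sending anything back; only the `is_resolve` case gets `RESOLVED_TYPE_ERROR`, as the `XXXX012` comment acknowledges. Unless the caller sends an END cell on a -1 return (not visible in this hunk), the client that supplied the bad hostname just waits for its stream to time out. I would send an END cell with a resolve-failed reason before `circuit_detach_stream`, or document on this branch that the caller is responsible for it. Logging the address through `escaped_safe_str` is the right choice for a string supplied by a remote peer. `circ` is declared outside the hunk, and the function starts and ends outside it.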
...@@ -1671,6 +1671,8 @@ typedef struct { ...@@ -1671,6 +1671,8 @@ typedef struct {
* support BEGIN_DIR, when possible. */ * support BEGIN_DIR, when possible. */
int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames
* with weird characters. */ * with weird characters. */
/** If true, we try resolving hostnames with weird characters. */
int ServerDNSAllowNonRFC953Hostnames;
} or_options_t; } or_options_t;
/** Persistent state for an onion router, as saved to disk. */ /** Persistent state for an onion router, as saved to disk. */
...@@ -2094,7 +2096,7 @@ int connection_ap_detach_retriable(edge_connection_t *conn, ...@@ -2094,7 +2096,7 @@ int connection_ap_detach_retriable(edge_connection_t *conn,
int reason); int reason);
int connection_ap_process_transparent(edge_connection_t *conn); int connection_ap_process_transparent(edge_connection_t *conn);
int address_is_invalid_destination(const char *address); int address_is_invalid_destination(const char *address, int client);
void addressmap_init(void); void addressmap_init(void);
void addressmap_clean(time_t now); void addressmap_clean(time_t now);
......
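Review bot: The doc comment on `ServerDNSAllowNonRFC953Hostnames` does not say which side of the connection it governs, so next to `AllowNonRFC953Hostnames` the two fields read as near-duplicates. I would word it as `/** If true, when acting as an exit we try to resolve hostnames with non-RFC953 characters instead of rejecting them in dns_resolve(). */`. The prototype of `address_is_invalid_destination` has no comment either; a one-line note that `client` selects which of the two options can waive the check would help.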