[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor] 01/04: socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4a



This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

commit a282145b3634547ab84ccd959d0537c021ff7ffc
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
AuthorDate: Mon Dec 12 10:02:07 2022 -0500

    socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4a
    
    The logic was inverted. Introduced in commit
    9155e08450fe7a609f8223202e8aa7dfbca20a6d.
    
    This was reported through our bug bounty program on H1. It fixes the
    TROVE-2022-002.
    
    Fixes #40730
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 changes/ticket40730          | 5 +++++
 src/core/proto/proto_socks.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/changes/ticket40730 b/changes/ticket40730
new file mode 100644
index 0000000000..f6d4c9de3b
--- /dev/null
+++ b/changes/ticket40730
@@ -0,0 +1,5 @@
+  o Major bugfixes (TROVE-2022-002, client):
+    - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It
+      would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is
+      TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug
+      40730; bugfix on 0.3.5.1-alpha.
diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
index a7ee190b3f..97863d389e 100644
--- a/src/core/proto/proto_socks.c
+++ b/src/core/proto/proto_socks.c
@@ -233,7 +233,7 @@ static socks_result_t
 process_socks4_request(const socks_request_t *req, int is_socks4a,
                        int log_sockstype, int safe_socks)
 {
-  if (is_socks4a && !addressmap_have_mapping(req->address, 0)) {
+  if (!is_socks4a && !addressmap_have_mapping(req->address, 0)) {
     log_unsafe_socks_warning(4, req->address, req->port, safe_socks);
 
     if (safe_socks)

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits