[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [tor/maint-0.2.2] Rate-limit unsafe socks warning



Author: Sebastian Hahn <sebastian@xxxxxxxxxxxxxx>
Date: Mon, 4 Oct 2010 13:31:58 +0200
Subject: Rate-limit unsafe socks warning
Commit: da3a6e724fc9b1aa780d1f0c13787f365d370bbe

Pick 5 seconds as the limit. 5 seconds is a compromise here between
making sure the user notices that the bad behaviour is (still) happening
and not spamming their log too much needlessly (the log message is
pretty long). We also keep warning every time if safesocks is
specified, because then the user presumably wants to hear about every
blocked instance.

(This is based on the original patch by Sebastian, then backported to
0.2.2 and with warnings split into their own function.)
---
 changes/bug2000  |    3 ++
 src/or/buffers.c |   73 ++++++++++++++++++++++++++++--------------------------
 2 files changed, 41 insertions(+), 35 deletions(-)
 create mode 100644 changes/bug2000

diff --git a/changes/bug2000 b/changes/bug2000
new file mode 100644
index 0000000..45ff2bd
--- /dev/null
+++ b/changes/bug2000
@@ -0,0 +1,3 @@
+  o Minor bugfixes:
+    - Rate-limit the "your application is giving Tor only an IP address"
+      warning. Fixes bug 2000; bugfix on 0.0.8pre2.
diff --git a/src/or/buffers.c b/src/or/buffers.c
index d25ff64..3825dd6 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1299,6 +1299,39 @@ fetch_from_buf_http(buf_t *buf,
   return 1;
 }
 
+/**
+ * Wait this many seconds before warning the user about using SOCKS unsafely
+ * again (requires that WarnUnsafeSocks is turned on). */
+#define SOCKS_WARN_INTERVAL 5
+
+/** Warn that the user application has made an unsafe socks request using
+ * protocol <b>socks_protocol</b> on port <b>port</b>.  Don't warn more than
+ * once per SOCKS_WARN_INTERVAL, unless <b>safe_socks</b> is set. */
+static void
+log_unsafe_socks_warning(int socks_protocol, uint16_t port, int safe_socks)
+{
+  static ratelim_t socks_ratelim = RATELIM_INIT(SOCKS_WARN_INTERVAL);
+
+  or_options_t *options = get_options();
+  char *m = NULL;
+  if (! options->WarnUnsafeSocks)
+    return;
+  if (safe_socks || (m = rate_limit_log(&socks_ratelim, approx_time()))) {
+    log_warn(LD_APP,
+             "Your application (using socks%d to port %d) is giving "
+             "Tor only an IP address. Applications that do DNS resolves "
+             "themselves may leak information. Consider using Socks4A "
+             "(e.g. via privoxy or socat) instead. For more information, "
+             "please see https://wiki.torproject.org/TheOnionRouter/";
+             "TorFAQ#SOCKSAndDNS.%s%s",
+             socks_protocol,
+             (int)port,
+             safe_socks ? " Rejecting." : "",
+             m ? m : "");
+    tor_free(m);
+  }
+}
+
 /** There is a (possibly incomplete) socks handshake on <b>buf</b>, of one
  * of the forms
  *  - socks4: "socksheader username\\0"
@@ -1337,10 +1370,6 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
   char *next, *startaddr;
   struct in_addr in;
 
-  /* If the user connects with socks4 or the wrong variant of socks5,
-   * then log a warning to let him know that it might be unwise. */
-  static int have_warned_about_unsafe_socks = 0;
-
   if (buf->datalen < 2) /* version and another byte */
     return 0;
 
@@ -1420,23 +1449,11 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
           req->port = ntohs(get_uint16(buf->head->data+4+addrlen));
           buf_remove_from_front(buf, 6+addrlen);
           if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
-              !addressmap_have_mapping(req->address,0) &&
-              !have_warned_about_unsafe_socks) {
-            if (get_options()->WarnUnsafeSocks) {
-              log_warn(LD_APP,
-                  "Your application (using socks5 to port %d) is giving "
-                  "Tor only an IP address. Applications that do DNS resolves "
-                  "themselves may leak information. Consider using Socks4A "
-                  "(e.g. via privoxy or socat) instead. For more information, "
-                  "please see https://wiki.torproject.org/TheOnionRouter/";
-                  "TorFAQ#SOCKSAndDNS.%s", req->port,
-                  safe_socks ? " Rejecting." : "");
-              /*have_warned_about_unsafe_socks = 1;*/
-                                      /*(for now, warn every time)*/
+              !addressmap_have_mapping(req->address,0)) {
+            log_unsafe_socks_warning(5, req->port, safe_socks);
             control_event_client_status(LOG_WARN,
                           "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d",
                           req->address, req->port);
-            }
             if (safe_socks)
               return -1;
           }
@@ -1536,23 +1553,9 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
 
       startaddr = NULL;
       if (socks4_prot != socks4a &&
-          !addressmap_have_mapping(tmpbuf,0) &&
-          !have_warned_about_unsafe_socks) {
-        if (get_options()->WarnUnsafeSocks) {
-          log_warn(LD_APP,
-                 "Your application (using socks4 to port %d) is giving Tor "
-                 "only an IP address. Applications that do DNS resolves "
-                 "themselves may leak information. Consider using Socks4A "
-                 "(e.g. via privoxy or socat) instead. For more information, "
-                 "please see https://wiki.torproject.org/TheOnionRouter/";
-                 "TorFAQ#SOCKSAndDNS.%s", req->port,
-                 safe_socks ? " Rejecting." : "");
-          /*have_warned_about_unsafe_socks = 1;*/
-          /*(for now, warn every time)*/
-          control_event_client_status(LOG_WARN,
-                        "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d",
-                        tmpbuf, req->port);
-        }
+          !addressmap_have_mapping(tmpbuf,0)) {
+        log_unsafe_socks_warning(4, req->port, safe_socks);
+
         if (safe_socks)
           return -1;
       }
-- 
1.7.1