
[tor-commits] [tor/master] Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.



commit 847e001d288b7d02d589d8df699e84d4d6d363b6
Author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date:   Fri Sep 30 18:43:31 2016 +0000

    Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
    
    The client addr is essentially meaningless in this context (yes, it is
    possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
    but no one does it, and there are better ways to grant that sort of
    feature if people want it like using `SO_PASSCRED`).
---
 changes/bug20261 | 4 ++++
 doc/tor.1.txt    | 5 +++--
 src/or/config.c  | 7 +++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/changes/bug20261 b/changes/bug20261
new file mode 100644
index 0000000..dfdd159
--- /dev/null
+++ b/changes/bug20261
@@ -0,0 +1,4 @@
+  o Minor bugfixes (client, unix domain sockets):
+    - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts
+      as the client address is meaningless. Fixes bug 20261; bugfix on
+      0.2.6.3-alpha.
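Review bot: The entry on the "Disable IsolateClientAddr when using AF_UNIX backed SocksPorts" line uses AF_UNIX, while the commit subject and the config.c comment say AF_LOCAL and the man page hunk says "Unix domain sockets". Pick one term across the three files, preferably the man page wording since that is what users read. The entry could also state that an explicitly configured IsolateClientAddr is ignored on these ports, since that is a user-visible behaviour change.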
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 2e73b27..330f0c1 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1046,8 +1046,9 @@ The following options are useful only for clients (that is, if
     another.  Recognized isolation flags are:
     **IsolateClientAddr**;;
         Don't share circuits with streams from a different
-        client address.  (On by default and strongly recommended;
-        you can disable it with **NoIsolateClientAddr**.)
+        client address.  (On by default and strongly recommended when
+        supported; you can disable it with **NoIsolateClientAddr**.
+        Unsupported and force-disabled when using Unix domain sockets.)
     **IsolateSOCKSAuth**;;
         Don't share circuits with streams for which different
         SOCKS authentication was provided. (On by default;
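Review bot: The added sentence "Unsupported and force-disabled when using Unix domain sockets." does not tell the reader that an explicit IsolateClientAddr on such a port is dropped without any message, which is what the config.c hunk does ("just silently remove the isolation flag"). Suggest saying so directly, for example "Ignored without warning on Unix domain socket ports", so an operator relying on this flag knows to use one of the other isolation flags listed here to separate clients of the same socket.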
diff --git a/src/or/config.c b/src/or/config.c
index 18cbe34..93e753b 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -6838,6 +6838,13 @@ parse_port_config(smartlist_t *out,
       goto err;
     }
 
+    if (unix_socket_path && (isolation & ISO_CLIENTADDR)) {
+      /* `IsolateClientAddr` is nonsensical in the context of AF_LOCAL.
+       * just silently remove the isolation flag.
+       */
+      isolation &= ~ISO_CLIENTADDR;
+    }
+
     if (out && port) {
       size_t namelen = unix_socket_path ? strlen(unix_socket_path) : 0;
       port_cfg_t *cfg = port_cfg_new(namelen);
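Review bot: The new `if (unix_socket_path && (isolation & ISO_CLIENTADDR))` block clears the flag with no log output, so an operator who wrote IsolateClientAddr explicitly on a Unix socket port gets no indication that it was ignored. Because the man page describes the flag as on by default, warning unconditionally would be noisy, but if the parser can distinguish an explicit flag from the default at this point, a log_notice in the explicit case would be worth adding. The diffstat also shows no test file touched; a parse_port_config test asserting that ISO_CLIENTADDR is cleared when unix_socket_path is set would pin this behaviour. Minor: the comment's second sentence starts lowercase ("just silently remove").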


