[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18213 [Tor]: The parameter WarnUnsafeSocks does not work as specified in the documentation, no warning is logged in the log file



#18213: The parameter WarnUnsafeSocks does not work as specified in the
documentation, no warning is logged in the log file
-----------------------------------------------+---------------------------
 Reporter:  propropus                          |          Owner:
     Type:  defect                             |         Status:
 Priority:  High                               |  needs_review
Component:  Tor                                |      Milestone:  Tor:
 Severity:  Major                              |  0.2.8.x-final
 Keywords:  WarnUnsafeSocks, Log 027-backport  |        Version:
Parent ID:                                     |     Resolution:
  Sponsor:                                     |  Actual Points:
                                               |         Points:
-----------------------------------------------+---------------------------

Comment (by cypherpunks):

 Seems like propropus is correct.

 Commit a7334f5122046b55, "Use log_fn_ratelim in a few places", Nick
 Mathewson, 2012-12-26 (!), did the following to this part of the code:

 {{{
 @@ -1505,22 +1505,19 @@ log_unsafe_socks_warning(int socks_protocol, const
 char *address,
    static ratelim_t socks_ratelim = RATELIM_INIT(SOCKS_WARN_INTERVAL);

    const or_options_t *options = get_options();
 -  char *m = NULL;
    if (! options->WarnUnsafeSocks)
      return;
 -  if (safe_socks || (m = rate_limit_log(&socks_ratelim, approx_time())))
 {
 -    log_warn(LD_APP,
 +  if (safe_socks) {
 +    log_fn_ratelim(&socks_ratelim, LOG_WARN, LD_APP,
               "Your application (using socks%d to port %d) is giving "
               "Tor only an IP address. Applications that do DNS resolves "
               "themselves may leak information. Consider using Socks4A "
               "(e.g. via privoxy or socat) instead. For more information,
 "
               "please see https://wiki.torproject.org/TheOnionRouter/";
 -             "TorFAQ#SOCKSAndDNS.%s%s",
 +             "TorFAQ#SOCKSAndDNS.%s",
               socks_protocol,
               (int)port,
 -             safe_socks ? " Rejecting." : "",
 -             m ? m : "");
 -    tor_free(m);
 +             safe_socks ? " Rejecting." : "");
    }
    control_event_client_status(LOG_WARN,
                                "DANGEROUS_SOCKS PROTOCOL=SOCKS%d
 ADDRESS=%s:%d",
 }}}

 A sloppy refactoring that changed the semantics.

 Seems like the condition should be removed completely.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18213#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs