
prevent tor accepting dns requests on dnsport initiated by itself



This would also prevent the user from resolving a name if the request coincided 
exactly with an identical in-flight request by Tor. I don't know how likely this would 
be in practice - I certainly haven't been quick enough on the draw.

It also mis-uses search_origname to store the request name for ordinary 
lookups rather than just searches.

If this is the only objection to it, I could just add a new field to the 
request struct and resubmit.



Index: src/or/dnsserv.c
===================================================================
--- src/or/dnsserv.c	(revision 10649)
+++ src/or/dnsserv.c	(working copy)
@@ -99,6 +99,11 @@
     tor_assert(q->type == EVDNS_TYPE_PTR);
   }
 
+  if (request_find_from_name(q->name)){
+    err = DNS_ERR_REFUSED;
+    log_warn(LD_APP, "Refusing DNS request initiated by Tor.");
+  }
+
   /* Make sure the name isn't too long: This should be impossible, I think. 
*/
   if (err == DNS_ERR_NONE && strlen(q->name) > MAX_SOCKS_ADDR_LEN-1)
     err = DNS_ERR_FORMAT;
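Review bot: The refusal on the first added line assigns `err` unconditionally, unlike the length check that follows it, so a request already rejected by the checks above the hunk would be re-reported as REFUSED; guard it the same way: `if (err == DNS_ERR_NONE && request_find_from_name(q->name)) {`. Logging every refusal at warn level also lets any client on the DNSPort fill the log simply by repeating a name Tor happens to be resolving; `log_info` (or a rate-limited notice) is enough here. The enclosing function starts and ends outside the hunk.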

Index: src/or/eventdns.c
===================================================================
--- src/or/eventdns.c	(revision 10649)
+++ src/or/eventdns.c	(working copy)
@@ -443,6 +443,27 @@
 	return NULL;
 }
 
+// This walks the list of inflight requests to find the
+// one with a matching name request. Returns 1 on
+// success, 0 on failure
+int
+request_find_from_name(const char *name) {
+	struct request *req = req_head, *const started_at = req_head;
+
+	if (req) {
+		do {
+            log(EVDNS_LOG_WARN, "inflight %s with %s", 
req->search_origname,name);
+            if (req->search_origname){
+                if (!strcmp(req->search_origname,name))
+                    return 1;
+            }
+			req = req->next;
+		} while (req != started_at);
+	}
+
+	return 0;
+}
+
 // a libevent callback function which is called when a nameserver
 // has gone down and we want to test if it has came back to life yet
 static void
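Review bot: The log call inside the loop passes `req->search_origname` to `%s` before the NULL check on the following line, and the field is NULL whenever the strdup added in request_new fails; printing NULL through `%s` is undefined behaviour and crashes on many libcs. That message also fires once per in-flight request for every DNSPort query at EVDNS_LOG_WARN, which reads as debugging output left in. Drop it and fold the test into one statement: `if (req->search_origname && !strcmp(req->search_origname, name))` / `return 1;`. The walk only covers `req_head`; if this eventdns still keeps a separate waiting queue (req_waiting_head) for requests not yet sent, those would not be matched — worth confirming. The header comment should state the contract rather than "success/failure", e.g. `// Returns 1 if an in-flight request for exactly this name exists, 0 otherwise.`, and the body mixes tabs and spaces unlike the surrounding file.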
@@ -2220,6 +2241,7 @@
 	if (rlen < 0)
 		goto err1;
 	req->request_len = rlen;
+    req->search_origname = strdup(name);
 	req->trans_id = trans_id;
 	req->tx_count = 0;
 	req->request_type = type;
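Review bot: The strdup on the added line is unchecked, so on allocation failure `search_origname` is silently NULL and that request becomes invisible to request_find_from_name; request_new already fails with `goto err1` when it cannot build the request, so the copy should be handled the same way: `if (!req->search_origname) goto err1;`. If search_request_new still assigns `req->search_origname = strdup(name)` itself after calling request_new, as in upstream eventdns, the copy made here is overwritten and leaked for every search-path request — that function is outside the hunk, so please confirm. request_new begins and ends outside the hunk.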
Index: src/or/eventdns.h
===================================================================
--- src/or/eventdns.h	(revision 10649)
+++ src/or/eventdns.h	(working copy)
@@ -277,7 +277,9 @@
 void evdns_search_clear(void);
 void evdns_search_add(const char *domain);
 void evdns_search_ndots_set(const int ndots);
+int request_find_from_name(const char *name);