> Date: Sun, 31 Jan 2010 20:58:46 -0600 > From: bennett@xxxxxxxxxx > To: or-talk@xxxxxxxx > Subject: client bug in 0.2.2.7-alpha and a new bad exit: exoassist > So it appears that a) there is a new tor client bug in 0.2.2.7-alpha that > leaves the "exoassist.exit" in the name passed along from its SOCKS listener > to the destination port I understand better now. Here's the problem, also in 0.2.2.8-alpha: 2926 parse_extended_hostname(char *address, int allowdotexit) 2927 { 2928 char *s; 2929 char query[REND_SERVICE_ID_LEN_BASE32+1]; 2930 2931 s = strrchr(address,'.'); 2932 if (!s) 2933 return NORMAL_HOSTNAME; /* no dot, thus normal */ 2934 if (!strcmp(s+1,"exit")) { 2935 if (allowdotexit) { 2936 *s = 0; /* NUL-terminate it */ 2937 return EXIT_HOSTNAME; /* .exit */ 2938 } /* else */ 2939 log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to " 2940 "security risks. Set AllowDotExit in your torrc to enable it."); 2941 /* FFFF send a controller event too to notify Vidalia users */ 2942 } 2943 if (strcmp(s+1,"onion")) 2944 'return NORMAL_HOSTNAME; /* neither .exit nor .onion, thus normal */ There's no 'return BAD_HOSTNAME' after the 'log_warn', so it's falling through to 'return NORMAL_HOSTNAME' and also not null-teminating the string. GD Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now. |