[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: client bug in 0.2.2.7-alpha and a new bad exit: exoassist



> Date: Sun, 31 Jan 2010 20:58:46 -0600
> From: bennett@xxxxxxxxxx
> To: or-talk@xxxxxxxx
> Subject: client bug in 0.2.2.7-alpha and a new bad exit: exoassist

> So it appears that a) there is a new tor client bug in 0.2.2.7-alpha that
> leaves the "exoassist.exit" in the name passed along from its SOCKS listener
> to the destination port

I understand better now. Here's the problem, also in 0.2.2.8-alpha:
  2926  parse_extended_hostname(char *address, int allowdotexit)
  2927  {
  2928      char *s;
  2929      char query[REND_SERVICE_ID_LEN_BASE32+1];
  2930
  2931      s = strrchr(address,'.');
  2932      if (!s)
  2933        return NORMAL_HOSTNAME; /* no dot, thus normal */
  2934      if (!strcmp(s+1,"exit")) {
  2935        if (allowdotexit) {
  2936          *s = 0; /* NUL-terminate it */
  2937          return EXIT_HOSTNAME; /* .exit */
  2938        } /* else */
  2939        log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to "
  2940                 "security risks. Set AllowDotExit in your torrc to enable it.");
  2941        /* FFFF send a controller event too to notify Vidalia users */
  2942      }
  2943      if (strcmp(s+1,"onion"))
  2944        'return NORMAL_HOSTNAME; /* neither .exit nor .onion, thus normal */

There's no 'return BAD_HOSTNAME' after the 'log_warn', so it's falling through to 'return NORMAL_HOSTNAME' and also not null-teminating the string.
GD


Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.