[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.

Subject: [tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 01 Oct 2014 14:00:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 01 Oct 2014 10:00:55 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13315: Our SOCKS hostname validation is overly lax.
-------------------------------------+----------------------------------
 Reporter:  yawning                  |          Owner:
     Type:  defect                   |         Status:  new
 Priority:  normal                   |      Milestone:
Component:  Tor                      |        Version:  Tor: unspecified
 Keywords:  tor-client, easy, socks  |  Actual Points:
Parent ID:                           |         Points:
-------------------------------------+----------------------------------
 This applies to both SOCKS4a and SOCKS5.

 What we check (for rejection): `!tor_strisprint(req->address) ||
 strchr(req->address,'\"')`

 What the RFC says (RFC 1035 - 2.3.1. Preferred name syntax):
 {{{
 <domain> ::= <subdomain> | " "

 <subdomain> ::= <label> | <subdomain> "." <label>

 <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]

 <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>

 <let-dig-hyp> ::= <let-dig> | "-"

 <let-dig> ::= <letter> | <digit>

 <letter> ::= any one of the 52 alphabetic characters A through Z in
 upper case and a through z in lower case

 <digit> ::= any one of the ten digits 0 through 9
 }}}

 Changing the check to enforce isalnum(), '.' and '-' would cut out a lot
 more things that are flat out invalid.

 The one concern (raised by nickm) is "are there clients that send IPv6
 addresses as FQDNs"?  This is plausible for SOCKS4a (because it's the only
 way to get IPv6 support to work), and a sign of broken client that
 deserves to be laughed at for SOCKS5.  Calling `tor_inet_pton()` on the
 FQDN before filtering will cover this case (and is probably something we
 should do anyway for SafeSocks).

 This may be another #11138 will fix it sort of issue, though the changes
 are likewise trivial to do.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13315>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13161 [Chutney]: [patch] getting chutney working with tor 0.2.6-alpha on OS X
Next by Author: Re: [tor-bugs] #12579 [Ooni]: Make bouncer and client aware of policies
Previous by thread: Re: [tor-bugs] #12889 [general]: Simulate global circuit scheduling from #9262
Next by thread: Re: [tor-bugs] #13315 [Tor]: Our SOCKS hostname validation is overly lax.
Index(es):
- Author
- Thread