commit 0df4083299970674b4f399d3d85c6eab22cb8c7d
parent f2e9ce72d62c4057b32a524ad032b86dffa9a995
Author: David Goulet <dgoulet@torproject.org>
Date: Thu, 12 Jan 2023 10:52:35 -0500
Merge branch 'maint-0.4.5' into maint-0.4.7
Diffstat:
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/changes/ticket40730 b/changes/ticket40730
@@ -0,0 +1,5 @@
+ o Major bugfixes (TROVE-2022-002, client):
+ - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It
+ would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is
+ TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug
+ 40730; bugfix on 0.3.5.1-alpha.
diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c
@@ -233,7 +233,7 @@ static socks_result_t
process_socks4_request(const socks_request_t *req, int is_socks4a,
int log_sockstype, int safe_socks)
{
- if (is_socks4a && !addressmap_have_mapping(req->address, 0)) {
+ if (!is_socks4a && !addressmap_have_mapping(req->address, 0)) {
log_unsafe_socks_warning(4, req->address, req->port, safe_socks);
if (safe_socks)
