From: Robert Ransom Date: Tue, 31 May 2011 14:05:40 +0000 (-0700) Subject: Don't allow tor2web-mode Tors to connect to non-HS addresses X-Git-Tag: tor-0.2.3.9-alpha~26^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebf524b48b0340ed3b2bfc1d652e3d65b3aee11c;p=thirdparty%2Ftor.git Don't allow tor2web-mode Tors to connect to non-HS addresses The client's anonymity when accessing a non-HS address in tor2web-mode would be easily nuked by inserting an inline image with a .onion URL, so don't even pretend to access non-HS addresses through Tor. --- diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index efaad79b6a..bba666d3b9 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1892,6 +1892,14 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, return -1; } + if (options->Tor2webMode) { + log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname %s " + "because tor2web mode is enabled.", + safe_str_client(socks->address)); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } + if (socks->command == SOCKS_COMMAND_RESOLVE) { uint32_t answer; struct in_addr in;