Headline
CVE-2023-23589: socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4a (a282145b) · Commits · The Tor Project / Core / Tor · GitLab
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
Commit a282145b authored Dec 12, 2022 by 🐼
Browse files
socks: Make SafeSocks refuse SOCKS4 and accept SOCKS4a
The logic was inverted. Introduced in commit 9155e084.
This was reported through our bug bounty program on H1. It fixes the TROVE-2022-002.
Fixes #40730
Signed-off-by: David Goulet <[email protected]>
- Changes 2
changes/ticket40730
0 → 100644
o Major bugfixes (TROVE-2022-002, client):
- The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It
would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is
TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug
40730; bugfix on 0.3.5.1-alpha.
…
…
@@ -233,7 +233,7 @@ static socks_result_t
process_socks4_request(const socks_request_t *req, int is_socks4a,
int log_sockstype, int safe_socks)
{
if (is_socks4a && !addressmap_have_mapping(req->address, 0)) {
if (!is_socks4a && !addressmap_have_mapping(req->address, 0)) {
log_unsafe_socks_warning(4, req->address, req->port, safe_socks);
if (safe_socks)
…
…
Related news
Gentoo Linux Security Advisory 202305-11 - Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service. Versions less than 0.4.7.13 are affected.
Debian Linux Security Advisory 5320-1 - A logic error was discovered in the implementation of the "SafeSocks" option of Tor, a connection-based low-latency anonymous communication system, which did result in allowing unsafe SOCKS4 traffic to pass.