Opened 3 years ago

Closed 2 years ago

#17419 closed defect (fixed)

scrub invalid hostnames

Reported by: cypherpunks Owned by:
Priority: Medium Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version: Tor: 0.2.6.10
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Tor should scrub invalid hostnames because some sites actually contain content that uses "invalid hostnames" and therefore it may give away part if a Tor user's browsing history.

<date> [Warning] Your application (using socks5 to port <port>) gave Tor a malformed hostname: "_foo.bar.com". Rejecting the connection.

Child Tickets

Change History (2)

comment:1 Changed 3 years ago by nickm

Milestone: Tor: 0.2.8.x-final
Priority: LowMedium

comment:2 Changed 2 years ago by nickm

Resolution: fixed
Status: newclosed

Hmm. That's already using "escaped_safe_str_client", as of19df037e53331ae528b876f225be08f198e0f8b6 in 0.2.7.3-rc, so it should be getting scrubbed.

I've looked through buffer.c for other instances of %s and found another, though. Fixing that with 3074b8365fe5c76e6fc0b9597a99ab2671c7e939

Note: See TracTickets for help on using tickets.