From 711db72ad0224c3f5d094ccd3167a3362a1ce37e Mon Sep 17 00:00:00 2001
From: Valentin Lorentz
Date: Thu, 27 May 2021 01:08:33 +0200
Subject: [PATCH] Socket: Fix crash non-TLS connections when using a SOCKS proxy
---
 src/drivers/Socket.py | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/src/drivers/Socket.py b/src/drivers/Socket.py
index 6db0bf226..3aa177848 100644
--- a/src/drivers/Socket.py
+++ b/src/drivers/Socket.py
@@ -42,11 +42,7 @@
 import threading
 import select
 import socket
-try:
- import ipaddress # Python >= 3.3 or backported ipaddress
-except ImportError:
- # Python < 3.3
- ipaddress = None
+import ipaddress
 from .. import (conf, drivers, log, utils, world)
 from ..utils import minisix
@@ -314,14 +310,21 @@ class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
 address = address.decode('utf-8')
 elif (not network_config.requireStarttls()) and \
 (not network_config.ssl()) and \
- (not self.currentServer.force_tls_verification) and \
- (ipaddress is None or not ipaddress.ip_address(address).is_loopback):
- drivers.log.warning(('Connection to network %s '
- 'does not use SSL/TLS, which makes it vulnerable to '
- 'man-in-the-middle attacks and passive eavesdropping. '
- 'You should consider upgrading your connection to SSL/TLS '
- '')
- % self.irc.network)
+ (not self.currentServer.force_tls_verification):
+
+ try:
+ is_loopback = ipaddress.ip_address(address).is_loopback
+ except ValueError:
+ # address is a hostname, eg. because we're using a SOCKS
+ # proxy
+ is_loopback = False
+ if not is_loopback:
+ drivers.log.warning(('Connection to network %s '
+ 'does not use SSL/TLS, which makes it vulnerable to '
+ 'man-in-the-middle attacks and passive eavesdropping. '
+ 'You should consider upgrading your connection to SSL/TLS '
+ '')
+ % self.irc.network)
 conf.supybot.drivers.poll.addCallback(self.setTimeout)
 self.setTimeout()
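Review bot: The loopback exemption in the new `try` block in the second hunk is still evaluated against `address` on the SOCKS path that the comment mentions. There a loopback literal would be reached from the proxy's side, so the leg between this host and the proxy may still carry plaintext, and if a proxy is configured at this point (not visible in the hunk) the exemption should probably be skipped. The `except ValueError` fallback itself fails in the safe direction, because any non-literal such as `localhost` now gets the warning instead of a crash. That intent is worth stating in the comment: `# Not an IP literal (e.g. a hostname handed to a SOCKS proxy): treat as non-loopback so the plaintext warning is still logged.` The enclosing method starts and ends outside the hunk.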