curl leaks destination IP via glibc getaddrinfo() UDP connect, bypassing SOCKS5/Tor

C
curl
Reported by robert_min1

Vulnerability Details

Technical details and impact analysis

Information Disclosure
## Summary:

When using curl with a SOCKS5 proxy (e.g. Tor on 127.0.0.1:9050), glibc getaddrinfo() performs direct UDP connect() probes to the target’s IP:443. These syscalls bypass the proxy and expose the user’s route to the destination, breaking anonymity expectations.

The IPs I got in my case:

`116.202.120.181:443`
`[64:ff9b::74ca:78b5]:443`

No AI was used in the report

## Affected version

Curl 7.88.1
Debian 13.0

## Steps To Reproduce:

1. Run Tor locally on port 9050.
2. Launch curl with the Tor proxy, with tracing, using strace or sockstrace to monitor the connect syscalls:

strace:

```
strace -f -e trace=connect curl --proxy socks5://localhost:9050 https://check.torproject.org
```

sockstrace:

```
go run main.go curl --args "--proxy" --args "socks5://localhost:9050" --args "https://check.torproject.org/" --logleaks
```

Observe that a connect() syscall is made to:

```
116.202.120.181:443
[64:ff9b::74ca:78b5]:443
```

## Supporting Material/References:

Backtrace shows leak originates in glibc/getaddrinfo.c: try_connect() (attached)

## Impact

## Summary:

This issue allows the destination server (or any network observer) to learn the user’s real IP address even when curl is configured to use a SOCKS5 proxy such as Tor. The leak occurs before the proxied TCP connection is established, meaning anonymity is compromised. Any user relying on curl with Tor or other SOCKS5 proxies for privacy or censorship circumvention can be deanonymized.
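One way to triage a trace like the one in the reproduction steps above, added here as an example that is not part of the original report or of curl, glibc or sockstrace: it reads strace output and lists every IP connect() whose destination is not the proxy, together with the socket type and the syscall result. It assumes the trace was taken with `-e trace=socket,connect` so that socket types are visible; the sample lines are constructed and use documentation addresses, and the function name `non_proxy_connects` is hypothetical.

```python
import ipaddress
import re

# Constructed sample in `strace -f -e trace=socket,connect` format (not from the report).
SAMPLE = r'''
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 5
connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
connect(5, {sa_family=AF_UNSPEC, sa_data="\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 5
connect(5, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::10", &sin6_addr), sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
[pid 4242] socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 6
[pid 4242] connect(6, {sa_family=AF_INET, sin_port=htons(9050), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
'''

SOCKET_RE = re.compile(r'socket\(AF_INET6?, (SOCK_\w+)[^)]*\)\s+= (\d+)')
CONNECT_RE = re.compile(
    r'connect\((\d+), \{sa_family=AF_INET6?, sin6?_port=htons\((\d+)\).*?"([0-9a-fA-F:.]+)"')
RESULT_RE = re.compile(r'\)\s+= (-?\d+(?: [A-Z0-9]+)?)')

# Assumption: the proxy listens on loopback, as in the report's socks5://localhost:9050.
PROXY_HOSTS = {ipaddress.ip_address('127.0.0.1'), ipaddress.ip_address('::1')}


def non_proxy_connects(trace, proxy_hosts=PROXY_HOSTS, proxy_port=9050):
    """Return (address, port, socket type, result) for IP connects that skip the proxy."""
    fd_type = {}   # fd -> socket type; forked children with their own fd tables are not separated
    findings = []
    for line in trace.splitlines():
        m = SOCKET_RE.search(line)
        if m:
            fd_type[m.group(2)] = m.group(1)
            continue
        m = CONNECT_RE.search(line)
        if not m:
            continue   # AF_UNIX / AF_UNSPEC / AF_NETLINK connects carry no IP destination
        fd, port, addr = m.group(1), int(m.group(2)), ipaddress.ip_address(m.group(3))
        if addr in proxy_hosts and port == proxy_port:
            continue   # the expected connection to the SOCKS5 listener
        r = RESULT_RE.search(line)
        result = r.group(1) if r else 'unfinished'   # "<unfinished ...>" lines under -f
        findings.append((str(addr), port, fd_type.get(fd, 'unknown'), result))
    return findings


if __name__ == '__main__':
    for finding in non_proxy_connects(SAMPLE):
        print(finding)
```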

Report Details

Additional information and metadata

State

Closed

Substate

Not-Applicable

Weakness

Information Disclosure