authorRoger Dingledine <arma@torproject.org>2007-02-07 03:40:06 +0000
committerRoger Dingledine <arma@torproject.org>2007-02-07 03:40:06 +0000
commit7828927a58a2c06befe51b502b4f380b9bc53709 (patch)
treed21b0ebbdab3edcad8a2d0d50456f2df6d41fbe9
parent690c9cc887b0e25a76f7e9155487d05a3c9ca9bb (diff)
Only rewrite a conn's address based on X-Forwarded-For: headers
if it's a parseable public IP address; and stop adding extra quotes to the resulting address. svn:r9505
-rw-r--r--ChangeLog3
-rw-r--r--src/or/directory.c8
2 files changed, 10 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index d64ff5cc78..1be546cedc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -79,6 +79,9 @@ Changes in version 0.1.2.7-alpha - 2007-02-06
- Call stat() slightly less often; use fstat() when possible.
- Refactor the way we handle pending circuits when an OR connection
completes or fails, in an attempt to fix a rare crash bug.
+ - Only rewrite a conn's address based on X-Forwarded-For: headers
+ if it's a parseable public IP address; and stop adding extra quotes
+ to the resulting address.
o Major features:
- Weight directory requests by advertised bandwidth. Now we can
diff --git a/src/or/directory.c b/src/or/directory.c
index 1b5468bd93..e181fa8fbd 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -708,8 +708,14 @@ http_set_address_origin(const char *headers, connection_t *conn)
if (!fwd)
fwd = http_get_header(headers, "X-Forwarded-For: ");
if (fwd) {
+ struct in_addr in;
+ if (!tor_inet_aton(fwd, &in) || is_internal_IP(ntohl(in.s_addr), 0)) {
+ log_debug(LD_DIR, "Ignoring unrecognized or internal IP '%s'", fwd);
+ tor_free(fwd);
+ return;
+ }
tor_free(conn->address);
- conn->address = tor_strdup(escaped(fwd));
+ conn->address = tor_strdup(fwd);
tor_free(fwd);
}
}
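Review bot: The new `log_debug` call in the rejection branch prints `fwd` raw, and that branch is the one reached when the header value failed `tor_inet_aton()`, so the string can be arbitrary client-supplied bytes, including control characters and newlines that end up in the debug log. Dropping `escaped()` is fine for `conn->address`, which is now only set from a value that parsed as an IP address, but the log line should keep it: `log_debug(LD_DIR, "Ignoring unrecognized or internal IP %s", escaped(fwd));` (the commit message indicates `escaped()` adds its own quotes, so the literal quotes go away). The body of `http_set_address_origin` starts outside this hunk, so it is not visible here whether the header is only honoured for connections that arrive through a trusted front-end. If it is not, a public-looking address in this header is still chosen by the client, and a short comment saying so above the assignment would help later readers.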