author | Nick Mathewson <nickm@torproject.org> | 2008-03-18 18:51:42 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-03-18 18:51:42 +0000 |
commit | a258f9b594a5e039007036b2254ed6cec58ffcaa (patch) | |
tree | 3d399ce98eaf4328c6bfaee4935b1ff9b42fb0c2 | |
parent | 877ee496b1d4cf6a754d466306eb9c15ae0e0984 (diff) | |
r18938@catbus: nickm | 2008-03-18 14:51:30 -0400
Backport: Fix the other lingering part of bug 617: make ClientDNSRejectInternalAddresses actually work.
svn:r14108
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | src/or/connection_edge.c | 13 | ||||
-rw-r--r-- | src/or/dns.c | 3 | ||||
-rw-r--r-- | src/or/or.h | 1 |
4 files changed, 17 insertions, 3 deletions
@@ -46,6 +46,9 @@ Changes in version 0.2.0.22-rc - 2008-03-17 - Make sure that the "NULL-means-reject *:*" convention is followed by all the policy manipulation functions, avoiding some possible crash bugs. Bug found by lodger. Bugfix on 0.2.0.16-alpha. + - Fix the implementation of ClientDNSRejectInternalAddresses so that it + actually works, and doesn't warn about every single reverse lookup. + Fixes the other part of bug 617. Bugfix on 0.2.0.1-alpha. o Minor features: - Only log guard node status when guard node status has changed. diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 27dc4d05f5..ee60dbff5a 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1328,8 +1328,17 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn, if (options->ClientDNSRejectInternalAddresses) { /* Don't let people try to do a reverse lookup on 10.0.0.1. */ tor_addr_t addr; - if (tor_addr_from_str(&addr, socks->address) >= 0 && - tor_addr_is_internal(&addr, 0)) { + struct in_addr in; + int ok; + if (!strcasecmpend(socks->address, ".in-addr.arpa")) + ok = !parse_inaddr_arpa_address(socks->address, &in); + else + ok = tor_inet_aton(socks->address, &in); + /*XXXX021 make this a function. */ + addr.family = AF_INET; + memcpy(&addr.addr.in_addr, &in, sizeof(struct in_addr)); + + if (ok && tor_addr_is_internal(&addr, 0)) { connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_ERROR, 0, NULL, -1, TIME_MAX); connection_mark_unattached_ap(conn, diff --git a/src/or/dns.c b/src/or/dns.c index bb932450f5..e6347c5e00 100644 --- a/src/or/dns.c +++ b/src/or/dns.c 
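Review bot: In the connection_edge.c hunk, `ok = !parse_inaddr_arpa_address(socks->address, &in);` looks inverted against the contract shown in the dns.c hunk's doc comment (1 on success, 0 if not in in-addr.arpa format, -1 if malformed). A reverse name that parses successfully gives `ok == 0`, so the `tor_addr_is_internal()` rejection appears to be skipped for exactly the `.in-addr.arpa` names this branch handles. A 0 return would instead give `ok == 1` with `in` never written, and the unconditional `memcpy` then puts an indeterminate value into `addr`. Testing for success explicitly, `ok = (parse_inaddr_arpa_address(socks->address, &in) == 1);`, would match the documented return values and the sense of the `tor_inet_aton` branch, assuming that helper returns nonzero on success (its definition is not in this diff). The enclosing function starts and ends outside the hunk.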
@@ -481,7 +481,8 @@ send_resolved_hostname_cell(edge_connection_t *conn, const char *hostname) * parse it and place the address in <b>in</b> if present. Return 1 on success; * 0 if the address is not in in-addr.arpa format, and -1 if the address is * malformed. */ -static int +/* XXXX021 move this to util.c. */ +int parse_inaddr_arpa_address(const char *address, struct in_addr *in) { char buf[INET_NTOA_BUF_LEN]; diff --git a/src/or/or.h b/src/or/or.h index a8a7898523..d4b8e5d3e5 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3235,6 +3235,7 @@ int dns_resolve(edge_connection_t *exitconn); void dns_launch_correctness_checks(void); int dns_seems_to_be_broken(void); void dns_reset_correctness_checks(void); +int parse_inaddr_arpa_address(const char *address, struct in_addr *in); /********************************* dnsserv.c ************************/ |