author | Nick Mathewson <nickm@torproject.org> | 2008-09-23 20:26:05 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-09-23 20:26:05 +0000 |
commit | b9ea49103ac4ee8b2b2d8adba23c99a356e5dcb1 (patch) | |
tree | 47da9a14aad9658752903888c84fa635c99ae886 | |
parent | 9d296f7701cfa35d4faacba679808f5ad65081b5 (diff) | |
(Backport to 0.2.0 branch) Patch from roger for 752, but with more comments: When we get an A.B.exit:P address, and B would reject most connections to P, but we do not know whether it would allow A, then allow the connection to proceed. Bugfix, amusingly, on 0.0.9rc5.
svn:r16945
-rw-r--r-- | ChangeLog | 7 |
-rw-r--r-- | src/or/connection_edge.c | 8 |
2 files changed, 12 insertions, 3 deletions
@@ -5,7 +5,12 @@ Changes in version 0.2.0.32 - 2008-??-?? correctly. (Found by Riastradh.) - Avoid a bug where the FistFirstHopPK 0 option would keep Tor from bootstrapping with tunneled directory connections. Bugfix on - 0.1.2.5-alpha. Fixes bug 797. + 0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam. + - When asked to connect to A.B.exit:80, if we don't know the IP for A + and we know that server B most-but-not all connections to port 80, + we would previously reject the connection. Now, we assume the user + knows what they were asking for. Fixes bug 752. Bugfix on 0.0.9rc5. + Diagnosed by BarkerJr. Changes in version 0.2.0.31 - 2008-09-03 diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index b42dadf49c..76388c7e56 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2807,8 +2807,12 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) addr = ntohl(in.s_addr); r = compare_addr_to_addr_policy(addr, conn->socks_request->port, exit->exit_policy); - if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED) - return 0; + if (r == ADDR_POLICY_REJECTED) + return 0; /* We know the address, and the exit policy rejects it. */ + if (r == ADDR_POLICY_PROBABLY_REJECTED && !conn->chosen_exit_name) + return 0; /* We don't know the addr, but the exit policy rejects most + * addresses with this port. Since the user didn't ask for + * this node, err on the side of caution. */ } else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) { /* Can't support reverse lookups without eventdns. */ if (conn->socks_request->command == SOCKS_COMMAND_RESOLVE_PTR && |
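Review bot: The new ChangeLog entry is missing its verb in "we know that server B most-but-not all connections to port 80", so the sentence does not say what B does with those connections. From the commit message ("B would reject most connections to P") the intended wording is presumably "server B rejects most-but-not-all connections to port 80". The tense also shifts in "we assume the user knows what they were asking for"; "knows what they are asking for" reads more cleanly.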
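Review bot: In the connection_edge.c hunk, the new condition `r == ADDR_POLICY_PROBABLY_REJECTED && !conn->chosen_exit_name` only tests that some exit name was requested, not that the requested name refers to the `exit` passed to connection_ap_can_use_exit(), while the comment justifies the rejection with "Since the user didn't ask for this node". If an earlier part of the function already guarantees that a non-NULL chosen_exit_name matches `exit`, the comment should say so; otherwise the relaxed check would apply to any candidate exit once a name is set. The fall-through case (PROBABLY_REJECTED with chosen_exit_name set) is the actual behaviour change and has no comment of its own; a short note there that the connection is allowed and the named exit's policy makes the final decision would help the next reader of this policy check.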