diff options
| author | Nick Mathewson <nickm@torproject.org> | 2008-09-23 20:25:01 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2008-09-23 20:25:01 +0000 |
| commit | 75977fd79b7e097ed89164c677cd4d00bddf21ed (patch) | |
| tree | c0765e4f62dd3fce9a3b0a0ffc14033f10d02f59 | |
| parent | 545b317e1ff387dcf58fbd82ccdead9afa979685 (diff) | |
| download | tor-75977fd79b7e097ed89164c677cd4d00bddf21ed.tar.gz tor-75977fd79b7e097ed89164c677cd4d00bddf21ed.zip | |
Patch from roger for 752, but with more comments: When we get an A.B.exit:P address, and B would reject most connections to P, but we do not know whether it would allow A, then allow the connection to procede. Bugfix, amusingly, on 0.0.9rc5.
svn:r16944
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 8 |
2 files changed, 12 insertions, 3 deletions
@@ -35,7 +35,12 @@ Changes in version 0.2.1.6-alpha - 2008-09-xx still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha. - Avoid a bug where the FistFirstHopPK 0 option would keep Tor from bootstrapping with tunneled directory connections. Bugfix on - 0.1.2.5-alpha. Fixes bug 797. + 0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam. + - When asked to connect to A.B.exit:80, if we don't know the IP for A + and we know that server B most-but-not all connections to port 80, + we would previously reject the connection. Now, we assume the user + knows what they were asking for. Fixes bug 752. Bugfix on 0.0.9rc5. + Diagnosed by BarkerJr. o Minor features: - Update to the "September 1 2008" ip-to-country file. diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index f799090de1..6b4c691474 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2857,8 +2857,12 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) addr = ntohl(in.s_addr); r = compare_addr_to_addr_policy(addr, conn->socks_request->port, exit->exit_policy); - if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED) - return 0; + if (r == ADDR_POLICY_REJECTED) + return 0; /* We know the address, and the exit policy rejects it. */ + if (r == ADDR_POLICY_PROBABLY_REJECTED && !conn->chosen_exit_name) + return 0; /* We don't know the addr, but the exit policy rejects most + * addresses with this port. Since the user didn't ask for + * this node, err on the side of caution. */ } else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) { /* Can't support reverse lookups without eventdns. */ if (conn->socks_request->command == SOCKS_COMMAND_RESOLVE_PTR && |