authorNick Mathewson <nickm@torproject.org>2008-10-21 17:09:04 +0000
committerNick Mathewson <nickm@torproject.org>2008-10-21 17:09:04 +0000
commitb166a43cb6536574d96fc2c72d07b7eb908dfe99 (patch)
tree1870f5d80323f3a9f9c7f50570fa9c676b71f795
parent5e762e6a5c0e6729bb7dbb586af2690c087d9ba8 (diff)
Fix another case of refusing to use a chosen exit node because we think it will reject _mostly_ everything. Based on patch from rovv. See bug 752.
svn:r17139
-rw-r--r--ChangeLog3
-rw-r--r--src/or/circuituse.c43
2 files changed, 35 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index a68c293985..af2b817040 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,9 @@ Changes in version 0.2.1.7-alpha - 2008-10-xx
- If a broken client asks a non-exit router to connect somewhere,
do not even do the DNS lookup before rejecting the connection.
Fixes another case of bug 619. Patch from rovv.
+ - Fix another case of assuming, when a specific exit is requested,
+ that we know more than the user about what hosts it allows.
+ Fixes another case of bug 752. Patch from rovv.
Changes in version 0.2.1.6-alpha - 2008-09-30
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 3537a73876..8f4788064d 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1069,17 +1069,38 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
/* Do we need to check exit policy? */
if (check_exit_policy) {
- struct in_addr in;
- uint32_t addr = 0;
- if (tor_inet_aton(conn->socks_request->address, &in))
- addr = ntohl(in.s_addr);
- if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
- need_uptime)) {
- log_notice(LD_APP,
- "No Tor server exists that allows exit to %s:%d. Rejecting.",
- safe_str(conn->socks_request->address),
- conn->socks_request->port);
- return -1;
+ if (!conn->chosen_exit_name) {
+ struct in_addr in;
+ uint32_t addr = 0;
+ if (tor_inet_aton(conn->socks_request->address, &in))
+ addr = ntohl(in.s_addr);
+ if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
+ need_uptime)) {
+ log_notice(LD_APP,
+ "No Tor server exists that allows exit to %s:%d. Rejecting.",
+ safe_str(conn->socks_request->address),
+ conn->socks_request->port);
+ return -1;
+ }
+ } else {
+ /* XXXX021 Duplicates checks in connection_ap_handshake_attach_circuit
+ * XXXX021 Fix this, then backport it? */
+ routerinfo_t *router = router_get_by_nickname(conn->chosen_exit_name, 1);
+ int opt = conn->_base.chosen_exit_optional;
+ if (router && !connection_ap_can_use_exit(conn, router)) {
+ log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
+ "Requested exit point '%s' would refuse request. %s.",
+ conn->chosen_exit_name, opt ? "Trying others" : "Closing");
+ if (opt) {
+ conn->_base.chosen_exit_optional = 0;
+ tor_free(conn->chosen_exit_name);
+ /* Try again. */
+ return circuit_get_open_circ_or_launch(conn,
+ desired_circuit_purpose,
+ circp);
+ }
+ return -1;
+ }
}
}
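Review bot: In the new `else` branch, a `chosen_exit_name` that `router_get_by_nickname()` cannot resolve (`router == NULL`) passes through with no exit-policy check and no log line, because the `router_exit_policy_all_routers_reject()` test now runs only when no exit is named. The XXXX021 comment suggests connection_ap_handshake_attach_circuit handles that case later, but that code is outside this hunk; a comment such as `/* router == NULL: unknown exit, left to connection_ap_handshake_attach_circuit() */` would record that the fall-through is deliberate. The retry also appears to terminate only because `tor_free()` leaves `conn->chosen_exit_name` NULL, so the recursive call takes the first branch; that is worth stating next to `/* Try again. */`. The enclosing function starts and ends outside the hunk.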