authorNick Mathewson <nickm@torproject.org>2016-09-07 11:38:43 -0400
committerNick Mathewson <nickm@torproject.org>2016-09-07 11:38:43 -0400
commit2a3b65179056bdd55382434d610ef3ca89860783 (patch)
treea60a4ec06889f2f928fd54ba2992a76de1d00942
parent3823d0aa7d2a3ea4c21610c111aa199f75ace107 (diff)
parentf4ed254652e7f0b56083a49e7afa49beceaa1dda (diff)
Merge remote-tracking branch 'sebastian/bug20064'
-rw-r--r--changes/bug200645
-rw-r--r--doc/tor.1.txt4
-rw-r--r--src/or/policies.c4
3 files changed, 11 insertions, 2 deletions
diff --git a/changes/bug20064 b/changes/bug20064
new file mode 100644
index 0000000000..38d3b91cfa
--- /dev/null
+++ b/changes/bug20064
@@ -0,0 +1,5 @@
+ o Minor bugfixes (Directory Authority):
+ - When allowing private addresses, mark Exits that only exit to
+ private locations as such. Fixes bug 20064; bugfix on
+ 0.2.2.9-alpha.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 2e7a3537b1..8f5d174f60 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2163,7 +2163,9 @@ on the public Tor network.
[[DirAllowPrivateAddresses]] **DirAllowPrivateAddresses** **0**|**1**::
If set to 1, Tor will accept server descriptors with arbitrary "Address"
elements. Otherwise, if the address is not an IP address or is a private IP
- address, it will reject the server descriptor. (Default: 0)
+ address, it will reject the server descriptor. Additionally, Tor
+ will allow exit policies for private networks to fulfill Exit flag
+ requirements. (Default: 0)
[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
diff --git a/src/or/policies.c b/src/or/policies.c
index 07f256f5cc..44a46d2fe2 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -2119,8 +2119,10 @@ exit_policy_is_general_exit_helper(smartlist_t *policy, int port)
if (subnet_status[i] != 0)
continue; /* We already reject some part of this /8 */
tor_addr_from_ipv4h(&addr, i<<24);
- if (tor_addr_is_internal(&addr, 0))
+ if (tor_addr_is_internal(&addr, 0) &&
+ !get_options()->DirAllowPrivateAddresses) {
continue; /* Local or non-routable addresses */
+ }
if (p->policy_type == ADDR_POLICY_ACCEPT) {
if (p->maskbits > 8)
continue; /* Narrower than a /8. */
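Review bot: The added `!get_options()->DirAllowPrivateAddresses` test in the /8 loop makes this helper's result depend on a global option, and neither a comment here nor anything visible in the hunk restricts that to directory-authority flag assignment. With the option set, an accepted internal /8 now counts toward the general-exit test, so a relay whose policy reaches only private ranges can earn the Exit flag; any other caller of the helper (none are visible here) would presumably see the same change. I would add a comment at the check, for example `/* DirAllowPrivateAddresses: internal /8s count toward the Exit test (bug 20064) */`, and read the option once before the loop, e.g. `const int allow_private = get_options()->DirAllowPrivateAddresses;`, since it is loop-invariant. The function's body starts and ends outside this hunk, so the right place for the hoisted read is not visible.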