summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2008-03-17 20:10:57 +0000
committerNick Mathewson <nickm@torproject.org>2008-03-17 20:10:57 +0000
commite17e6371d1b2ef034f0860a19e5825cae61600be (patch)
treeb567063304e176e28dc668e422675c0a05d0b9b6
parent80ec9e51dd0320d0d106ace510efe057b448f974 (diff)
downloadtor-e17e6371d1b2ef034f0860a19e5825cae61600be.tar.gz
tor-e17e6371d1b2ef034f0860a19e5825cae61600be.zip
r18896@catbus: nickm | 2008-03-17 16:10:54 -0400
Fix bug in earlier bugfix. Note stupidness of allowing NULL policies at all. Disallow empty exit policies in router descriptors. svn:r14082
-rw-r--r--doc/spec/dir-spec.txt11
-rw-r--r--src/or/policies.c10
-rw-r--r--src/or/routerparse.c4
3 files changed, 14 insertions, 11 deletions
diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt
index fe8039bc7d..9b184aeb87 100644
--- a/doc/spec/dir-spec.txt
+++ b/doc/spec/dir-spec.txt
@@ -466,11 +466,12 @@ $Id$
[Any number]
- These lines describe an "exit policy": the rules that an OR follows when
- deciding whether to allow a new stream to a given address. The
- 'exitpattern' syntax is described below. The rules are considered in
- order; if no rule matches, the address will be accepted. For clarity,
- the last such entry SHOULD be accept *:* or reject *:*.
+ These lines describe an "exit policy": the rules that an OR follows
+ when deciding whether to allow a new stream to a given address. The
+ 'exitpattern' syntax is described below. There MUST be at least one
+ such entry. The rules are considered in order; if no rule matches,
+ the address will be accepted. For clarity, the last such entry SHOULD
+ be accept *:* or reject *:*.
"router-signature" NL Signature NL
diff --git a/src/or/policies.c b/src/or/policies.c
index 20c1fb9186..cccc72acbb 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -51,7 +51,7 @@ policy_expand_private(smartlist_t **policy)
int i;
smartlist_t *tmp;
- if (!*policy)
+ if (!*policy) /*XXXX021 disallow NULL policies */
return;
tmp = smartlist_create();
@@ -530,10 +530,8 @@ compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
int match = 0;
int maybe = 0;
int i, len;
- if (!policy)
- return ADDR_POLICY_REJECTED;
- len = smartlist_len(policy);
+ len = policy ? smartlist_len(policy) : 0;
for (i = 0; i < len; ++i) {
addr_policy_t *tmpe = smartlist_get(policy, i);
@@ -767,7 +765,7 @@ exit_policy_is_general_exit(smartlist_t *policy)
static const int ports[] = { 80, 443, 6667 };
int n_allowed = 0;
int i;
- if (!policy)
+ if (!policy) /*XXXX021 disallow NULL policies */
return 0;
for (i = 0; i < 3; ++i) {
@@ -793,7 +791,7 @@ exit_policy_is_general_exit(smartlist_t *policy)
int
policy_is_reject_star(smartlist_t *policy)
{
- if (!policy)
+ if (!policy) /*XXXX021 disallow NULL policies */
return 1;
SMARTLIST_FOREACH(policy, addr_policy_t *, p, {
if (p->policy_type == ADDR_POLICY_ACCEPT)
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 1b77d992a3..31b10baf30 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1272,6 +1272,10 @@ router_parse_entry_from_string(const char *s, const char *end,
}
exit_policy_tokens = find_all_exitpolicy(tokens);
+ if (!smartlist_len(exit_policy_tokens)) {
+ log_warn(LD_DIR, "No exit policy tokens in descriptor.");
+ goto err;
+ }
SMARTLIST_FOREACH(exit_policy_tokens, directory_token_t *, t,
if (router_add_exit_policy(router,t)<0) {
log_warn(LD_DIR,"Error in exit policy");