author: Roger Dingledine <arma@torproject.org> 2008-11-20 22:21:31 +0000
committer: Roger Dingledine <arma@torproject.org> 2008-11-20 22:21:31 +0000
commit: 411de1fc79577732b2e5850bcc6331a2362b69e9 (patch)
tree: 5d032f833b52730116f87a32dd1710c52f182357
parent: 6489570b89540cfa893ce0d005a0ed3e93f09cfe (diff)
backport r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
svn:r17342
-rw-r--r-- ChangeLog 5
-rw-r--r-- doc/TODO.020 2
-rw-r--r-- src/or/relay.c 7
3 files changed, 11 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index fc78c41c02..96badd0571 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,11 @@ Changes in version 0.2.0.32 - 2008-??-??
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
+ - The "ClientDNSRejectInternalAddresses" config option wasn't being
+ consistently obeyed: if an exit relay refuses a stream because its
+ exit policy doesn't allow it, we would remember what IP address
+ the relay said the destination address resolves to, even if it's
+ an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
o Major bugfixes:
- Fix a DOS opportunity during the voting signature collection process
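Review bot: the new ChangeLog entry describes only the faulty behaviour ("we would remember what IP address the relay said the destination address resolves to") and never states what happens now. Add a closing clause saying that, with ClientDNSRejectInternalAddresses set, an internal address reported by a relay that refused the stream is no longer remembered. The entry is also inserted directly above "o Major bugfixes:", so it is filed under whichever section precedes that heading; since it concerns trusting an address supplied by an exit relay, check that this is the section you intend.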
diff --git a/doc/TODO.020 b/doc/TODO.020
index d141114094..77db404f18 100644
--- a/doc/TODO.020
+++ b/doc/TODO.020
@@ -3,7 +3,7 @@
description of the patch.)
Backport for 0.2.0:
- - r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
+ o r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
Backport for 0.2.0 once better tested:
o r16136: prevent circid collision. [Also backport to 0.1.2.x??]
diff --git a/src/or/relay.c b/src/or/relay.c
index 58b3d9eaf6..98e1d1b806 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -751,8 +751,11 @@ connection_edge_process_end_not_open(
ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
else
ttl = -1;
- client_dns_set_addressmap(conn->socks_request->address, addr,
- conn->chosen_exit_name, ttl);
+
+ if (!(get_options()->ClientDNSRejectInternalAddresses &&
+ is_internal_IP(addr, 0)))
+ client_dns_set_addressmap(conn->socks_request->address, addr,
+ conn->chosen_exit_name, ttl);
}
/* check if he *ought* to have allowed it */
if (exitrouter &&
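Review bot: the new guard in connection_edge_process_end_not_open() skips client_dns_set_addressmap() silently when ClientDNSRejectInternalAddresses is set and is_internal_IP(addr, 0) is true; there is no comment explaining why the relay's answer is discarded and no log line on the rejected path. Suggest a short comment above the `if` and an info-level log message when the mapping is dropped, so that a relay reporting an internal address for the requested hostname shows up when debugging. The `if` also controls a call that wraps over two lines without braces, and the `!(A && B)` form is harder to read than it needs to be; adding braces would make the scope obvious. The literal 0 passed as the second argument to is_internal_IP() is not explained in the visible lines and deserves a brief comment.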