diff options
| author | Neel Chauhan <neel@neelc.org> | 2019-07-19 12:56:02 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2019-08-26 18:21:56 -0400 |
| commit | d9a7d4779887dbd2cba082c2a5daa535fe0d36ce (patch) | |
| tree | 8bebf52e1ed19a166b450fcfe4ae6f353129e193 /src/feature/dirauth | |
| parent | 5303dbe6249ed4b1e268f7a5c41ed6a638c4d0e3 (diff) | |
| download | tor-d9a7d4779887dbd2cba082c2a5daa535fe0d36ce.tar.gz tor-d9a7d4779887dbd2cba082c2a5daa535fe0d36ce.zip | |
Check for private IPv6 addresses in dirserv_router_has_valid_address()
Diffstat (limited to 'src/feature/dirauth')
| -rw-r--r-- | src/feature/dirauth/process_descs.c | 16 | ||||
| -rw-r--r-- | src/feature/dirauth/process_descs.h | 4 |
2 files changed, 17 insertions, 3 deletions
diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c index a68d155651..e1a02179b0 100644 --- a/src/feature/dirauth/process_descs.c +++ b/src/feature/dirauth/process_descs.c @@ -428,7 +428,7 @@ dirserv_free_fingerprint_list(void) /** Return -1 if <b>ri</b> has a private or otherwise bad address, * unless we're configured to not care. Return 0 if all ok. */ -static int +STATIC int dirserv_router_has_valid_address(routerinfo_t *ri) { tor_addr_t addr; @@ -436,12 +436,22 @@ dirserv_router_has_valid_address(routerinfo_t *ri) return 0; /* whatever it is, we're fine with it */ tor_addr_from_ipv4h(&addr, ri->addr); - if (tor_addr_is_internal(&addr, 0)) { + if (tor_addr_is_internal(&addr, 0) || tor_addr_is_null(&addr)) { + log_info(LD_DIRSERV, + "Router %s published internal IPv4 address. Refusing.", + router_describe(ri)); + return -1; /* it's a private IP, we should reject it */ + } + /* We only check internal v6 on non-null addresses because we do not require + * IPv6 and null IPv6 is normal. */ + if (tor_addr_is_internal(&ri->ipv6_addr, 0) && + !tor_addr_is_null(&ri->ipv6_addr)) { log_info(LD_DIRSERV, - "Router %s published internal IP address. Refusing.", + "Router %s published internal IPv6 address. Refusing.", router_describe(ri)); return -1; /* it's a private IP, we should reject it */ } + return 0; } diff --git a/src/feature/dirauth/process_descs.h b/src/feature/dirauth/process_descs.h index 001c866eba..1d4085b091 100644 --- a/src/feature/dirauth/process_descs.h +++ b/src/feature/dirauth/process_descs.h @@ -36,4 +36,8 @@ void dirserv_set_node_flags_from_authoritative_status(node_t *node, int dirserv_would_reject_router(const routerstatus_t *rs); +#ifdef TOR_UNIT_TESTS +STATIC int dirserv_router_has_valid_address(routerinfo_t *ri); +#endif /* defined(TOR_UNIT_TESTS) */ + #endif /* !defined(TOR_RECV_UPLOADS_H) */ |