Refuse to make direct connections to private OR addresses

Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would
connect, then refuse to send any cells to a private address.

Fixes bugs 17674 and 8976; bugfix on b7c172c9ec76 (28 Aug 2012)
Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
release.

Patch by "teor".

1 files changed, 8 insertions, 0 deletions

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 0688398f6d..933d70bd8b 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -498,6 +498,14 @@ circuit_handle_first_hop(origin_circuit_t *circ)
   tor_assert(firsthop);
   tor_assert(firsthop->extend_info);
 
+  /* XX/teor - does tor ever need build a circuit directly to itself? */
+  if (tor_addr_is_internal(&firsthop->extend_info->addr, 0) &&
+      !get_options()->ExtendAllowPrivateAddresses) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "Client asked me to connect directly to a private address");
+    return -END_CIRC_REASON_TORPROTOCOL;
+  }
+
   /* now see if we're already connected to the first OR in 'route' */
   log_debug(LD_CIRC,"Looking for firsthop '%s'",
             fmt_addrport(&firsthop->extend_info->addr,