diff options
| author | David Goulet <dgoulet@ev0ke.net> | 2015-12-08 13:42:27 -0500 |
|---|---|---|
| committer | David Goulet <dgoulet@ev0ke.net> | 2015-12-08 15:57:12 -0500 |
| commit | 4a7964b3bcfa5439ba10e227c2ca8a4564123538 (patch) | |
| tree | ab278a1bb2a399c97c76cef979c675c53c0b4f5b /src/or/circuitbuild.h | |
| parent | b701b7962b256ad7c4c43ad191a8ee094613af11 (diff) | |
| download | tor-4a7964b3bcfa5439ba10e227c2ca8a4564123538.tar.gz tor-4a7964b3bcfa5439ba10e227c2ca8a4564123538.zip | |
Don't allow a rendezvous point to have a private address
When an HS process an INTRODUCE2 cell, we didn't validate if the IP address
of the rendezvous point was a local address. If it's the case, we end up
wasting resources by trying to extend to a local address which fails since
we do not allow that in circuit_extend().
This commit now rejects a rendezvous point that has a local address once
seen at the hidden service side unless ExtendAllowPrivateAddresses is set.
Fixes #8976
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Diffstat (limited to 'src/or/circuitbuild.h')
| -rw-r--r-- | src/or/circuitbuild.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h index 01563791b7..5d6222e8f8 100644 --- a/src/or/circuitbuild.h +++ b/src/or/circuitbuild.h @@ -53,6 +53,7 @@ extend_info_t *extend_info_new(const char *nickname, const char *digest, extend_info_t *extend_info_from_node(const node_t *r, int for_direct_connect); extend_info_t *extend_info_dup(extend_info_t *info); void extend_info_free(extend_info_t *info); +int extend_info_addr_is_allowed(const tor_addr_t *addr); const node_t *build_state_get_exit_node(cpath_build_state_t *state); const char *build_state_get_exit_nickname(cpath_build_state_t *state); |