diff options
| author | Nick Mathewson <nickm@torproject.org> | 2010-01-20 12:36:14 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2010-01-20 13:09:10 -0500 |
| commit | d4354b506be924853cae838881202b205b4d45f2 (patch) | |
| tree | 6bb2302e91777f60580bcf57201b433e66a98f69 /src/or/connection.c | |
| parent | c939509051f90d7276355783b255d4a15730efab (diff) | |
| download | tor-d4354b506be924853cae838881202b205b4d45f2.tar.gz tor-d4354b506be924853cae838881202b205b4d45f2.zip | |
Don't use OutboundBindAddress to connect to localhost
The OutboundBindAddress option is useful for making sure that all of
your outbond connections use a given interface. But when connecting
to 127.0.0.1 (or ::1 even) it's important to actually have the
connection come _from_ localhost, since lots of programs running on
localhost use the source address to authenticate that the connection
is really coming from the same host.
Our old code always bound to OutboundBindAddress, whether connecting
to localhost or not. This would potentially break DNS servers on
localhost, and socks proxies on localhost. This patch changes the
behavior so that we only look at OutboundBindAddress when connecting
to a non-loopback address.
Diffstat (limited to 'src/or/connection.c')
| -rw-r--r-- | src/or/connection.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/or/connection.c b/src/or/connection.c index 6506cf81fd..eeb25c1828 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -1236,7 +1236,7 @@ connection_connect(connection_t *conn, const char *address, return -1; } - if (options->OutboundBindAddress) { + if (options->OutboundBindAddress && !tor_addr_is_loopback(addr)) { struct sockaddr_in ext_addr; memset(&ext_addr, 0, sizeof(ext_addr)); |