ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses

ExitPolicyRejectPrivate now rejects more local addresses by default: * the relay's published IPv6 address (if any), and * any publicly routable IPv4 or IPv6 addresses on any local interfaces. This resolves a security issue for IPv6 Exits and multihomed Exits that trust connections originating from localhost. Resolves ticket 17027. Patch by "teor". Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha.
author: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2015-09-15 18:34:18 +1000
committer: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2015-09-16 02:56:50 +1000
commit: 098b82c7b2a6bb711e3616eb5b7e7e5e7401f01d (patch)
tree: bc40d90c97de2a09a6c1e277ea3c5f2c455f8787 /src/or/router.c
parent: 31eb486c4624d1437d982ffdfc1f9d7d83c5ffd6 (diff)
download: tor-098b82c7b2a6bb711e3616eb5b7e7e5e7401f01d.tar.gz
tor-098b82c7b2a6bb711e3616eb5b7e7e5e7401f01d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/or/router.c b/src/or/router.c
index 03973ae90a..8fdad9a5fa 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1922,7 +1922,7 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
     /* DNS is screwed up; don't claim to be an exit. */
     policies_exit_policy_append_reject_star(&ri->exit_policy);
   } else {
-    policies_parse_exit_policy_from_options(options,ri->addr,
+    policies_parse_exit_policy_from_options(options,ri->addr,&ri->ipv6_addr,1,
                                             &ri->exit_policy);
   }
   ri->policy_is_reject_star =
author	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2015-09-15 18:34:18 +1000
committer	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2015-09-16 02:56:50 +1000
commit	098b82c7b2a6bb711e3616eb5b7e7e5e7401f01d (patch)
tree	bc40d90c97de2a09a6c1e277ea3c5f2c455f8787 /src/or/router.c
parent	31eb486c4624d1437d982ffdfc1f9d7d83c5ffd6 (diff)
download	tor-098b82c7b2a6bb711e3616eb5b7e7e5e7401f01d.tar.gz tor-098b82c7b2a6bb711e3616eb5b7e7e5e7401f01d.zip