summaryrefslogtreecommitdiff
path: root/src/or/routerparse.c
diff options
context:
space:
mode:
authorteor (Tim Wilson-Brown) <teor2345@gmail.com>2015-12-16 08:49:06 +1100
committerteor (Tim Wilson-Brown) <teor2345@gmail.com>2015-12-16 08:51:35 +1100
commitce92335214f4490f0e14487a99415c26777be2a8 (patch)
tree56c59ff6670b07a6ddef697a52c6c4602523a674 /src/or/routerparse.c
parentcd0a5db5e9ffbe873fba1a0f4965cdd008824247 (diff)
downloadtor-ce92335214f4490f0e14487a99415c26777be2a8.tar.gz
tor-ce92335214f4490f0e14487a99415c26777be2a8.zip
Add policy assume_action support for IPv6 addresses
These IPv6 addresses must be quoted, because : is the port separator, and "acce" is a valid hex block. Add unit tests for assumed actions in IPv6 policies.
Diffstat (limited to 'src/or/routerparse.c')
-rw-r--r--src/or/routerparse.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 8170bbb057..f5a003ea70 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -3684,8 +3684,8 @@ router_parse_addr_policy_item_from_string,(const char *s, int assume_action,
directory_token_t *tok = NULL;
const char *cp, *eos;
/* Longest possible policy is
- * "accept6 ffff:ffff:..255/128:10000-65535",
- * which contains a max-length IPv6 address, plus 24 characters.
+ * "accept6 [ffff:ffff:..255]/128:10000-65535",
+ * which contains a max-length IPv6 address, plus 26 characters.
* But note that there can be an arbitrary amount of space between the
* accept and the address:mask/port element.
* We don't need to multiply TOR_ADDR_BUF_LEN by 2, as there is only one
@@ -3700,7 +3700,9 @@ router_parse_addr_policy_item_from_string,(const char *s, int assume_action,
*malformed_list = 0;
s = eat_whitespace(s);
- if ((*s == '*' || TOR_ISDIGIT(*s)) && assume_action >= 0) {
+ /* We can only do assume_action on []-quoted IPv6, as "a" (accept)
+ * and ":" (port separator) are ambiguous */
+ if ((*s == '*' || *s == '[' || TOR_ISDIGIT(*s)) && assume_action >= 0) {
if (tor_snprintf(line, sizeof(line), "%s %s",
assume_action == ADDR_POLICY_ACCEPT?"accept":"reject", s)<0) {
log_warn(LD_DIR, "Policy %s is too long.", escaped(s));