obey exit policies for addresses too

svn:r555

1 files changed, 9 insertions, 5 deletions

diff --git a/src/or/routers.c b/src/or/routers.c
index 5921ce9f17..4aef1cf143 100644
--- a/src/or/routers.c
+++ b/src/or/routers.c
@@ -1038,6 +1038,7 @@ policy_read_failed:
  */
 int router_compare_to_exit_policy(connection_t *conn) {
   struct exit_policy_t *tmpe;
+  struct in_addr in;
 
   assert(desc_routerinfo);
 
@@ -1045,10 +1046,14 @@ int router_compare_to_exit_policy(connection_t *conn) {
     assert(tmpe->address);
     assert(tmpe->port);
 
-    /* Totally ignore the address field of the exit policy, for now. */
-
-    if(!strcmp(tmpe->port,"*") || atoi(tmpe->port) == conn->port) {
-      log_fn(LOG_INFO,"Port '%s' matches '%d'. %s.",
+    if(inet_aton(tmpe->address,&in) == 0) { /* malformed IP. reject. */
+      log_fn(LOG_WARNING,"Malformed IP %s in exit policy. Rejecting.",tmpe->address);
+      return -1;
+    }
+    if(conn->addr == ntohl(in.s_addr) &&
+       (!strcmp(tmpe->port,"*") || atoi(tmpe->port) == conn->port)) {
+      log_fn(LOG_INFO,"Address '%s' matches '%s' and port '%s' matches '%d'. %s.",
+          tmpe->address, conn->address,
           tmpe->port, conn->port,
           tmpe->policy_type == EXIT_POLICY_ACCEPT ? "Accepting" : "Rejecting");
       if(tmpe->policy_type == EXIT_POLICY_ACCEPT)
@@ -1057,7 +1062,6 @@ int router_compare_to_exit_policy(connection_t *conn) {
         return -1;
     }
   }
-
   return 0; /* accept all by default. */
 }