aboutsummaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2016-10-28 15:33:12 -0400
committerNick Mathewson <nickm@torproject.org>2016-10-28 15:33:12 -0400
commitada75d5567783d7326b3a91263a5630abaf0684e (patch)
tree825fb683650d599e2b3242de7c588aed3c3b071d /src/or
parentf3e158edf7d8128d4f1e028c5604e70469730947 (diff)
downloadtor-ada75d5567783d7326b3a91263a5630abaf0684e.tar.gz
tor-ada75d5567783d7326b3a91263a5630abaf0684e.zip
Fix bad warning when checking IP policies.
I had replaced a comment implying that a set of ifs was meant to be exhaustive with an actual check for exhaustiveness. It turns out, they were exhaustive, but not in the way I had assumed. :( Bug introduced in f3e158edf7d8128, not in any released Tor.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/connection_edge.c42
1 files changed, 24 insertions, 18 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 6b68a19836..27a025173c 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1571,24 +1571,30 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
tor_addr_t dummy_addr;
int socks_family = tor_addr_parse(&dummy_addr, socks->address);
/* family will be -1 for a non-onion hostname that's not an IP */
- if (socks_family == -1 && !conn->entry_cfg.dns_request) {
- log_warn(LD_APP, "Refusing to connect to hostname %s "
- "because Port has NoDNSRequest set.",
- safe_str_client(socks->address));
- connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
- return -1;
- } else if (socks_family == AF_INET && !conn->entry_cfg.ipv4_traffic) {
- log_warn(LD_APP, "Refusing to connect to IPv4 address %s because "
- "Port has NoIPv4Traffic set.",
- safe_str_client(socks->address));
- connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
- return -1;
- } else if (socks_family == AF_INET6 && !conn->entry_cfg.ipv6_traffic) {
- log_warn(LD_APP, "Refusing to connect to IPv6 address %s because "
- "Port has NoIPv6Traffic set.",
- safe_str_client(socks->address));
- connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
- return -1;
+ if (socks_family == -1) {
+ if (!conn->entry_cfg.dns_request) {
+ log_warn(LD_APP, "Refusing to connect to hostname %s "
+ "because Port has NoDNSRequest set.",
+ safe_str_client(socks->address));
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
+ return -1;
+ }
+ } else if (socks_family == AF_INET) {
+ if (!conn->entry_cfg.ipv4_traffic) {
+ log_warn(LD_APP, "Refusing to connect to IPv4 address %s because "
+ "Port has NoIPv4Traffic set.",
+ safe_str_client(socks->address));
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
+ return -1;
+ }
+ } else if (socks_family == AF_INET6) {
+ if (!conn->entry_cfg.ipv6_traffic) {
+ log_warn(LD_APP, "Refusing to connect to IPv6 address %s because "
+ "Port has NoIPv6Traffic set.",
+ safe_str_client(socks->address));
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
+ return -1;
+ }
} else {
tor_assert_nonfatal_unreached_once();
}
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion