Merge remote-tracking branch 'teor/first-hop-no-private'

author: Nick Mathewson <nickm@torproject.org> 2015-12-09 10:47:59 -0500
committer: Nick Mathewson <nickm@torproject.org> 2015-12-09 10:47:59 -0500
commit: caff66530924f45ce8aacdef0f00002a0b001ccd (patch)
tree: 996bb3f78f83c969b8f7ef1d301a8afe41895685 /src/or
parent: d6a3b1f0199db5b6d792f84b5073e532e4c6d10b (diff)
parent: 45f2e7ec040c20d2640de2df1ce5da94d338f76f (diff)
download: tor-caff66530924f45ce8aacdef0f00002a0b001ccd.tar.gz
tor-caff66530924f45ce8aacdef0f00002a0b001ccd.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 0688398f6d..933d70bd8b 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -498,6 +498,14 @@ circuit_handle_first_hop(origin_circuit_t *circ)
   tor_assert(firsthop);
   tor_assert(firsthop->extend_info);
 
+  /* XX/teor - does tor ever need build a circuit directly to itself? */
+  if (tor_addr_is_internal(&firsthop->extend_info->addr, 0) &&
+      !get_options()->ExtendAllowPrivateAddresses) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "Client asked me to connect directly to a private address");
+    return -END_CIRC_REASON_TORPROTOCOL;
+  }
+
   /* now see if we're already connected to the first OR in 'route' */
   log_debug(LD_CIRC,"Looking for firsthop '%s'",
             fmt_addrport(&firsthop->extend_info->addr,
author	Nick Mathewson <nickm@torproject.org>	2015-12-09 10:47:59 -0500
committer	Nick Mathewson <nickm@torproject.org>	2015-12-09 10:47:59 -0500
commit	caff66530924f45ce8aacdef0f00002a0b001ccd (patch)
tree	996bb3f78f83c969b8f7ef1d301a8afe41895685 /src/or
parent	d6a3b1f0199db5b6d792f84b5073e532e4c6d10b (diff)
parent	45f2e7ec040c20d2640de2df1ce5da94d338f76f (diff)
download	tor-caff66530924f45ce8aacdef0f00002a0b001ccd.tar.gz tor-caff66530924f45ce8aacdef0f00002a0b001ccd.zip