Remove AllowDotExit.

It's been deprecated since 0.2.9.2-alpha. Closes ticket 23426.
author: Nick Mathewson <nickm@torproject.org> 2017-09-07 09:51:45 -0400
committer: Nick Mathewson <nickm@torproject.org> 2017-09-15 12:09:33 -0400
commit: f02fd6c3af71141241137403d070d72310cbfd82 (patch)
tree: 63c2cc015d590aabf08ac20569e496985208ce11 /src/or
parent: 8421756da3fc3cc116d17fe96b50384c0d79af8b (diff)
download: tor-f02fd6c3af71141241137403d070d72310cbfd82.tar.gz
tor-f02fd6c3af71141241137403d070d72310cbfd82.zip
3 files changed, 11 insertions, 21 deletions
diff --git a/src/or/config.c b/src/or/config.c
index eb89d6f5ee..d2c076b712 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -206,7 +206,7 @@ static config_var_t option_vars_[] = {
   VAR("AccountingRule",          STRING,   AccountingRule_option,  "max"),
   V(AccountingStart,             STRING,   NULL),
   V(Address,                     STRING,   NULL),
-  V(AllowDotExit,                BOOL,     "0"),
+  OBSOLETE("AllowDotExit"),
   OBSOLETE("AllowInvalidNodes"),
   V(AllowNonRFC953Hostnames,     BOOL,     "0"),
   OBSOLETE("AllowSingleHopCircuits"),
@@ -671,8 +671,6 @@ static const config_var_t testing_tor_network_defaults[] = {
 
 static const config_deprecation_t option_deprecation_notes_[] = {
   /* Deprecated since 0.2.9.2-alpha... */
-  { "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
-    "a wide variety of application-level attacks." },
   { "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
     "easier to fingerprint, and may open you to esoteric attacks." },
   /* End of options deprecated since 0.2.9.2-alpha. */
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index a9fdeee0ee..37d82e2ae0 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1235,10 +1235,9 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
   /* Check for whether this is a .exit address.  By default, those are
    * disallowed when they're coming straight from the client, but you're
    * allowed to have them in MapAddress commands and so forth. */
-  if (!strcmpend(socks->address, ".exit") && !options->AllowDotExit) {
+  if (!strcmpend(socks->address, ".exit")) {
     log_warn(LD_APP, "The  \".exit\" notation is disabled in Tor due to "
-             "security risks. Set AllowDotExit in your torrc to enable "
-             "it (at your own risk).");
+             "security risks.");
     control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                 escaped(socks->address));
     out->end_reason = END_STREAM_REASON_TORPROTOCOL;
@@ -1653,23 +1652,23 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
     const node_t *node = NULL;
 
     /* If this .exit was added by an AUTOMAP, then it came straight from
-     * a user.  Make sure that options->AllowDotExit permits that! */
-    if (exit_source == ADDRMAPSRC_AUTOMAP && !options->AllowDotExit) {
-      /* Whoops; this one is stale.  It must have gotten added earlier,
-       * when AllowDotExit was on. */
-      log_warn(LD_APP,"Stale automapped address for '%s.exit', with "
-               "AllowDotExit disabled. Refusing.",
+     * a user.  That's not safe. */
+    if (exit_source == ADDRMAPSRC_AUTOMAP) {
+      /* Whoops; this one is stale.  It must have gotten added earlier?
+       * (Probably this is not possible, since AllowDotExit no longer
+       * exists.) */
+      log_warn(LD_APP,"Stale automapped address for '%s.exit'. Refusing.",
                safe_str_client(socks->address));
       control_event_client_status(LOG_WARN, "SOCKS_BAD_HOSTNAME HOSTNAME=%s",
                                   escaped(socks->address));
       connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
+      tor_assert_nonfatal_unreached();
       return -1;
     }
 
     /* Double-check to make sure there are no .exits coming from
      * impossible/weird sources. */
-    if (exit_source == ADDRMAPSRC_DNS ||
-        (exit_source == ADDRMAPSRC_NONE && !options->AllowDotExit)) {
+    if (exit_source == ADDRMAPSRC_DNS || exit_source == ADDRMAPSRC_NONE) {
       /* It shouldn't be possible to get a .exit address from any of these
        * sources. */
       log_warn(LD_BUG,"Address '%s.exit', with impossible source for the "
diff --git a/src/or/or.h b/src/or/or.h
index 5a543b498c..b445d48088 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4160,13 +4160,6 @@ typedef struct {
    * if we are a cache).  For authorities, this is always true. */
   int DownloadExtraInfo;
 
-  /** If true, we convert "www.google.com.foo.exit" addresses on the
-   * socks/trans/natd ports into "www.google.com" addresses that
-   * exit from the node "foo". Disabled by default since attacking
-   * websites and exit relays can use it to manipulate your path
-   * selection. */
-  int AllowDotExit;
-
   /** If true, we're configured to collect statistics on clients
    * requesting network statuses from us as directory. */
   int DirReqStatistics_option;
author	Nick Mathewson <nickm@torproject.org>	2017-09-07 09:51:45 -0400
committer	Nick Mathewson <nickm@torproject.org>	2017-09-15 12:09:33 -0400
commit	f02fd6c3af71141241137403d070d72310cbfd82 (patch)
tree	63c2cc015d590aabf08ac20569e496985208ce11 /src/or
parent	8421756da3fc3cc116d17fe96b50384c0d79af8b (diff)
download	tor-f02fd6c3af71141241137403d070d72310cbfd82.tar.gz tor-f02fd6c3af71141241137403d070d72310cbfd82.zip