Merge branch 'maint-0.3.2'

4 files changed, 17 insertions, 11 deletions

diff --git a/src/or/config.c b/src/or/config.c
index b09535ba0a..252d50944b 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -170,8 +170,6 @@ static config_abbrev_t option_abbrevs_[] = {
   { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
   { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
   { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
-  { "ClientDNSRejectInternalAddresses",
-    "TestingClientDNSRejectInternalAddresses", 0, 1, },
   { NULL, NULL, 0, 0},
 };
 
@@ -263,7 +261,7 @@ static config_var_t option_vars_[] = {
   V(CircuitsAvailableTimeout,    INTERVAL, "0"),
   V(CircuitStreamTimeout,        INTERVAL, "0"),
   V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
-  V(TestingClientDNSRejectInternalAddresses, BOOL,"1"),
+  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
   V(ClientOnly,                  BOOL,     "0"),
   V(ClientPreferIPv6ORPort,      AUTOBOOL, "auto"),
   V(ClientPreferIPv6DirPort,     AUTOBOOL, "auto"),
@@ -651,7 +649,7 @@ static const config_var_t testing_tor_network_defaults[] = {
     "0, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
   V(ClientBootstrapConsensusMaxDownloadTries, UINT, "80"),
   V(ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries, UINT, "80"),
-  V(TestingClientDNSRejectInternalAddresses, BOOL,"0"),
+  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
   V(ClientRejectInternalAddresses, BOOL,   "0"),
   V(CountPrivateBandwidth,       BOOL,     "1"),
   V(ExitPolicyRejectPrivate,     BOOL,     "0"),
@@ -696,7 +694,12 @@ static const config_var_t testing_tor_network_defaults[] = {
 #undef OBSOLETE
 
 static const config_deprecation_t option_deprecation_notes_[] = {
-  /* Deprecated since 0.3.2.1-alpha. */
+  /* Deprecated since 0.2.9.2-alpha... */
+  { "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
+    "a wide variety of application-level attacks." },
+  /* End of options deprecated since 0.2.9.2-alpha. */
+
+  /* Deprecated since 0.3.2.0-alpha. */
   { "HTTPProxy", "It only applies to direct unencrypted HTTP connections "
     "to your directory server, which your Tor probably wasn't using." },
   { "HTTPProxyAuthenticator", "HTTPProxy is deprecated in favor of HTTPSProxy "
@@ -4258,9 +4261,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
   CHECK_DEFAULT(TestingSigningKeySlop);
   CHECK_DEFAULT(TestingAuthKeySlop);
   CHECK_DEFAULT(TestingLinkKeySlop);
-  CHECK_DEFAULT(TestingClientDNSRejectInternalAddresses);
 #undef CHECK_DEFAULT
 
+  if (!options->ClientDNSRejectInternalAddresses &&
+      !(options->DirAuthorities ||
+        (options->AlternateDirAuthority && options->AlternateBridgeAuthority)))
+    REJECT("ClientDNSRejectInternalAddresses used for default network.");
   if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
     REJECT("SigningKeyLifetime is too short.");
   if (options->TestingLinkCertLifetime < options->TestingAuthKeySlop*2)
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index c63b25165f..41f0fe6a1d 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1344,7 +1344,7 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
     /* Hang on, did we find an answer saying that this is a reverse lookup for
      * an internal address?  If so, we should reject it if we're configured to
      * do so. */
-    if (options->TestingClientDNSRejectInternalAddresses) {
+    if (options->ClientDNSRejectInternalAddresses) {
       /* Don't let clients try to do a reverse lookup on 10.0.0.1. */
       tor_addr_t addr;
       int ok;
diff --git a/src/or/or.h b/src/or/or.h
index 0a4d712976..a68f1c3c47 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4207,7 +4207,7 @@ typedef struct {
   /** If true, do not believe anybody who tells us that a domain resolves
    * to an internal address, or that an internal address has a PTR mapping.
    * Helps avoid some cross-site attacks. */
-  int TestingClientDNSRejectInternalAddresses;
+  int ClientDNSRejectInternalAddresses;
 
   /** If true, do not accept any requests to connect to internal addresses
    * over randomly chosen exits. */
diff --git a/src/or/relay.c b/src/or/relay.c
index 48c1dd6f8d..09f70793d3 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -949,7 +949,7 @@ connection_ap_process_end_not_open(
             connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
             return 0;
           }
-          if (get_options()->TestingClientDNSRejectInternalAddresses &&
+          if (get_options()->ClientDNSRejectInternalAddresses &&
               tor_addr_is_internal(&addr, 0)) {
             log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
                      safe_str(conn->socks_request->address));
@@ -1366,7 +1366,7 @@ connection_edge_process_resolved_cell(edge_connection_t *conn,
     goto done;
   }
 
-  if (get_options()->TestingClientDNSRejectInternalAddresses) {
+  if (get_options()->ClientDNSRejectInternalAddresses) {
     int orig_len = smartlist_len(resolved_addresses);
     SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
       if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
@@ -1459,7 +1459,7 @@ connection_edge_process_relay_cell_not_open(
     if (tor_addr_family(&addr) != AF_UNSPEC) {
       const sa_family_t family = tor_addr_family(&addr);
       if (tor_addr_is_null(&addr) ||
-          (get_options()->TestingClientDNSRejectInternalAddresses &&
+          (get_options()->ClientDNSRejectInternalAddresses &&
            tor_addr_is_internal(&addr, 0))) {
         log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
                  fmt_addr(&addr));