author | teor <teor2345@gmail.com> | 2017-02-01 15:31:33 +1100 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-02-01 09:39:06 -0500 |
commit | 408c53b7a78767e04124fec4c4d470fe474e4906 (patch) | |
tree | 2ea25aa1880d8f844012aac45cda12894d608904 /src/test/test_policy.c | |
parent | 4667a40ca944134866b95b10407a7e471206aa00 (diff) | |
Scale IPv6 address counts in policy_summary_reject to avoid overflow
This disregards anything smaller than an IPv6 /64, and rejects ports that
are rejected on an IPv6 /16 or larger.
Adjust existing unit tests, and add more to cover exceptional cases.
No IPv4 behaviour changes.
Fixes bug 21357
Diffstat (limited to 'src/test/test_policy.c')
-rw-r--r-- | src/test/test_policy.c | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index fb7195abfa..f2d42b9561 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -594,13 +594,51 @@ test_policies_general(void *arg)
 /* short policy with configured netblocks */
 test_policy_summary_helper("reject 149.56.0.0/16,"
 "reject6 2607:5300::/32,"
+ "reject6 2608:5300::/64,"
+ "reject6 2609:5300::/96,"
+ "accept *:80,"
+ "accept *:443,"
+ "reject *:*",
+ "accept 80,443");
+ /* short policy with large netblocks that do not count as a rejection */
+ test_policy_summary_helper("reject 148.0.0.0/7,"
+ "reject6 2600::/16,"
 "accept *:80,"
 "accept *:443,"
 "reject *:*",
 "accept 80,443");
 /* short policy with large netblocks that count as a rejection */
- test_policy_summary_helper("reject 149.0.0.0/6,"
- "reject6 2600::/6,"
+ test_policy_summary_helper("reject 148.0.0.0/6,"
+ "reject6 2600::/15,"
+ "accept *:80,"
+ "accept *:443,"
+ "reject *:*",
+ "reject 1-65535");
+ /* short policy with huge netblocks that count as a rejection */
+ test_policy_summary_helper("reject 128.0.0.0/1,"
+ "reject6 8000::/1,"
+ "accept *:80,"
+ "accept *:443,"
+ "reject *:*",
+ "reject 1-65535");
+ /* short policy which blocks everything using netblocks */
+ test_policy_summary_helper("reject 0.0.0.0/0,"
+ "reject6 ::/0,"
+ "accept *:80,"
+ "accept *:443,"
+ "reject *:*",
+ "reject 1-65535");
+ /* short policy which has repeated redundant netblocks */
+ test_policy_summary_helper("reject 0.0.0.0/0,"
+ "reject 0.0.0.0/0,"
+ "reject 0.0.0.0/0,"
+ "reject 0.0.0.0/0,"
+ "reject 0.0.0.0/0,"
+ "reject6 ::/0,"
+ "reject6 ::/0,"
+ "reject6 ::/0,"
+ "reject6 ::/0,"
+ "reject6 ::/0,"
 "accept *:80,"
 "accept *:443,"
 "reject *:*", |
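Review bot: Every new boundary case pairs an IPv4 netblock with an IPv6 one in the same policy string (for example `reject 148.0.0.0/6,` next to `reject6 2600::/15,`), so nothing visible in this hunk shows the IPv6 scaling being exercised on its own. If the IPv4 entry alone is enough to yield `reject 1-65535`, a regression in the IPv6 count, including the overflow this commit fixes, could pass unnoticed. Consider adding cases that keep only the `reject6` line at each boundary. The commit message says ports are rejected on "an IPv6 /16 or larger", yet the `reject6 2600::/16` case expects `accept 80,443`, so the cutoff appears to be exclusive. A comment such as `/* exactly at the cutoff (IPv4 /7, IPv6 /16): not yet counted as a rejection */` would pin that down; test_policies_general starts and ends outside the hunk.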