diff options
| author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-01 15:37:13 +1000 |
|---|---|---|
| committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-01 15:37:13 +1000 |
| commit | 514f0041d190b9e142cc246e3ec7ac65342547bd (patch) | |
| tree | 4476a6dbcb443e380267cc120b21ed230137b812 /src/test | |
| parent | 64ee7bcd0c8e154269145b626a7cd56b9d6264a1 (diff) | |
| download | tor-514f0041d190b9e142cc246e3ec7ac65342547bd.tar.gz tor-514f0041d190b9e142cc246e3ec7ac65342547bd.zip | |
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.
Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/test_policy.c | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/src/test/test_policy.c b/src/test/test_policy.c index 14182af86b..a972bd5b29 100644 --- a/src/test/test_policy.c +++ b/src/test/test_policy.c @@ -1082,10 +1082,32 @@ test_policies_getinfo_helper_policies(void *arg) append_exit_policy_string(&mock_my_routerinfo.exit_policy, "reject *6:*"); mock_options.IPv6Exit = 1; - mock_options.ExitPolicyRejectPrivate = 1; tor_addr_from_ipv4h(&mock_options.OutboundBindAddressIPv4_, TEST_IPV4_ADDR); tor_addr_parse(&mock_options.OutboundBindAddressIPv6_, TEST_IPV6_ADDR); + mock_options.ExitPolicyRejectPrivate = 1; + mock_options.ExitPolicyRejectLocalInterfaces = 1; + + rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/relay", + &answer, &errmsg); + tt_assert(rv == 0); + tt_assert(answer != NULL); + tt_assert(strlen(answer) > 0); + tor_free(answer); + + mock_options.ExitPolicyRejectPrivate = 1; + mock_options.ExitPolicyRejectLocalInterfaces = 0; + + rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/relay", + &answer, &errmsg); + tt_assert(rv == 0); + tt_assert(answer != NULL); + tt_assert(strlen(answer) > 0); + tor_free(answer); + + mock_options.ExitPolicyRejectPrivate = 0; + mock_options.ExitPolicyRejectLocalInterfaces = 1; + rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/relay", &answer, &errmsg); tt_assert(rv == 0); @@ -1093,6 +1115,16 @@ test_policies_getinfo_helper_policies(void *arg) tt_assert(strlen(answer) > 0); tor_free(answer); + mock_options.ExitPolicyRejectPrivate = 0; + mock_options.ExitPolicyRejectLocalInterfaces = 0; + + rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/relay", + &answer, &errmsg); + tt_assert(rv == 0); + tt_assert(answer != NULL); + tt_assert(strlen(answer) == 0); + tor_free(answer); + rv = getinfo_helper_policies(NULL, "exit-policy/ipv4", &answer, &errmsg); tt_assert(rv == 0); |