diff options
| author | Roger Dingledine <arma@torproject.org> | 2004-08-06 09:56:36 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2004-08-06 09:56:36 +0000 |
| commit | 276d953b2215505cd538a2e00f8b3dc6672f783a (patch) | |
| tree | 521ce98e3c21cef8eeb30b132ce6d827c64e7ee4 /src | |
| parent | 9467f5fc4f2b4e206ef17338635d820322d35552 (diff) | |
| download | tor-276d953b2215505cd538a2e00f8b3dc6672f783a.tar.gz tor-276d953b2215505cd538a2e00f8b3dc6672f783a.zip | |
fix an assert: check the sockspolicy before we make/add the connection,
else we close a connection without assigning it a state, which is bad
because it fails assert_conn_ok()
svn:r2156
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/connection.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/or/connection.c b/src/or/connection.c index 7cbdff9553..0d9eb627c4 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -412,6 +412,17 @@ static int connection_handle_listener_read(connection_t *conn, int new_type) { set_socket_nonblocking(news); + /* process entrance policies here, before we even create the connection */ + if(new_type == CONN_TYPE_AP) { + /* check sockspolicy to see if we should accept it */ + if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) { + log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", + inet_ntoa(remote.sin_addr)); + tor_close_socket(news); + return 0; + } + } + newconn = connection_new(new_type); newconn->s = news; @@ -442,11 +453,6 @@ static int connection_init_accepted_conn(connection_t *conn) { case CONN_TYPE_OR: return connection_tls_start_handshake(conn, 1); case CONN_TYPE_AP: - /* check sockspolicy to see if we should accept it */ - if(socks_policy_permits_address(conn->addr) == 0) { - log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address); - return -1; - } conn->state = AP_CONN_STATE_SOCKS_WAIT; break; case CONN_TYPE_DIR: |