authorNick Mathewson <nickm@torproject.org>2008-09-23 20:26:05 +0000
committerNick Mathewson <nickm@torproject.org>2008-09-23 20:26:05 +0000
commitb9ea49103ac4ee8b2b2d8adba23c99a356e5dcb1 (patch)
tree47da9a14aad9658752903888c84fa635c99ae886 /src
parent9d296f7701cfa35d4faacba679808f5ad65081b5 (diff)
(Backport to 0.2.0 branch) Patch from roger for 752, but with more comments: When we get an A.B.exit:P address, and B would reject most connections to P, but we do not know whether it would allow A, then allow the connection to proceed. Bugfix, amusingly, on 0.0.9rc5.
svn:r16945
Diffstat (limited to 'src')
-rw-r--r--src/or/connection_edge.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index b42dadf49c..76388c7e56 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2807,8 +2807,12 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
addr = ntohl(in.s_addr);
r = compare_addr_to_addr_policy(addr, conn->socks_request->port,
exit->exit_policy);
- if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
- return 0;
+ if (r == ADDR_POLICY_REJECTED)
+ return 0; /* We know the address, and the exit policy rejects it. */
+ if (r == ADDR_POLICY_PROBABLY_REJECTED && !conn->chosen_exit_name)
+ return 0; /* We don't know the addr, but the exit policy rejects most
+ * addresses with this port. Since the user didn't ask for
+ * this node, err on the side of caution. */
} else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
/* Can't support reverse lookups without eventdns. */
if (conn->socks_request->command == SOCKS_COMMAND_RESOLVE_PTR &&
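Review bot: The allow path this change opens has no comment: when `r == ADDR_POLICY_PROBABLY_REJECTED` and `conn->chosen_exit_name` is set, control falls past both `return 0` lines and nothing in the code says that is intended. I would add, directly after the second check, `/* PROBABLY_REJECTED but an exit was named: we cannot tell whether its policy admits this address, so fall through and let the exit decide. */`. The existing comment treats a set `chosen_exit_name` as "the user asked for this node"; if that field is filled from the `.exit` hostname in the SOCKS request, as the commit message suggests, the name may originate from the application or the content it loaded rather than from the user, and the comment should say so since this is exactly the case where the policy check is relaxed. `connection_ap_can_use_exit` begins and ends outside the hunk, so what the fall-through finally returns is not visible here.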