summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2004-08-06 09:56:36 +0000
committerRoger Dingledine <arma@torproject.org>2004-08-06 09:56:36 +0000
commit276d953b2215505cd538a2e00f8b3dc6672f783a (patch)
tree521ce98e3c21cef8eeb30b132ce6d827c64e7ee4 /src
parent9467f5fc4f2b4e206ef17338635d820322d35552 (diff)
downloadtor-276d953b2215505cd538a2e00f8b3dc6672f783a.tar.gz
tor-276d953b2215505cd538a2e00f8b3dc6672f783a.zip
fix an assert: check the sockspolicy before we make/add the connection,
else we close a connection without assigning it a state, which is bad because it fails assert_conn_ok() svn:r2156
Diffstat (limited to 'src')
-rw-r--r--src/or/connection.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index 7cbdff9553..0d9eb627c4 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -412,6 +412,17 @@ static int connection_handle_listener_read(connection_t *conn, int new_type) {
set_socket_nonblocking(news);
+ /* process entrance policies here, before we even create the connection */
+ if(new_type == CONN_TYPE_AP) {
+ /* check sockspolicy to see if we should accept it */
+ if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
+ log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.",
+ inet_ntoa(remote.sin_addr));
+ tor_close_socket(news);
+ return 0;
+ }
+ }
+
newconn = connection_new(new_type);
newconn->s = news;
@@ -442,11 +453,6 @@ static int connection_init_accepted_conn(connection_t *conn) {
case CONN_TYPE_OR:
return connection_tls_start_handshake(conn, 1);
case CONN_TYPE_AP:
- /* check sockspolicy to see if we should accept it */
- if(socks_policy_permits_address(conn->addr) == 0) {
- log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address);
- return -1;
- }
conn->state = AP_CONN_STATE_SOCKS_WAIT;
break;
case CONN_TYPE_DIR: