summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-06-19 19:45:28 -0400
committerNick Mathewson <nickm@torproject.org>2012-06-19 19:50:03 -0400
commitc239c57d3c9a8ddff7db6ed20e836844b17efdae (patch)
treeaf4aad375fa1c817e969b6113906035a8390e2c9 /src
parente6782b355ae77455aaff3af9fe3831c07312a5c8 (diff)
downloadtor-c239c57d3c9a8ddff7db6ed20e836844b17efdae.tar.gz
tor-c239c57d3c9a8ddff7db6ed20e836844b17efdae.zip
Fix a regression bug in AllowDotExit
The code that detected the source of a remapped address checked that an address mapping's source was a given rewrite rule if addr_orig had no .exit, and addr did have a .exit after processing that rule. But addr_orig was formatted for logging: it was not the original address at all, but rather was the address escaped for logging and possibly replaced with "[scrubbed]". This new logic will correctly set ADDRMAPSRC_NONE in the case when the address starts life as a .exit address, so that AllowDotExit can work again. Fixes bug 6211; bugfix on 0.2.3.17-beta
Diffstat (limited to 'src')
-rw-r--r--src/or/connection_edge.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 210c2e03c6..98920781a2 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1100,8 +1100,8 @@ addressmap_match_superdomains(char *address)
* address starts out as a non-exit address, and we remap it to an .exit
* address at any point, then set *<b>exit_source_out</b> to the
* address_entry_source_t of the first such rule. Set *<b>exit_source_out</b>
- * to ADDRMAPSRC_NONE if there is no such rewrite.
- *
+ * to ADDRMAPSRC_NONE if there is no such rewrite, or if the original address
+ * was a .exit.
*/
int
addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
@@ -1111,10 +1111,12 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
int rewrites;
time_t expires = TIME_MAX;
addressmap_entry_source_t exit_source = ADDRMAPSRC_NONE;
+ char *addr_orig = tor_strdup(address);
+ char *log_addr_orig = NULL;
for (rewrites = 0; rewrites < 16; rewrites++) {
int exact_match = 0;
- char *addr_orig = tor_strdup(escaped_safe_str_client(address));
+ log_addr_orig = tor_strdup(escaped_safe_str_client(address));
ent = strmap_get(addressmap, address);
@@ -1125,7 +1127,6 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
!strcasecmp(address, ent->new_address)) {
/* This is a rule like *.example.com example.com, and we just got
* "example.com" */
- tor_free(addr_orig);
goto done;
}
@@ -1133,7 +1134,6 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
}
if (!ent || !ent->new_address) {
- tor_free(addr_orig);
goto done;
}
@@ -1151,10 +1151,11 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
}
log_info(LD_APP, "Addressmap: rewriting %s to %s",
- addr_orig, escaped_safe_str_client(address));
+ log_addr_orig, escaped_safe_str_client(address));
if (ent->expires > 1 && ent->expires < expires)
expires = ent->expires;
- tor_free(addr_orig);
+
+ tor_free(log_addr_orig);
}
log_warn(LD_CONFIG,
"Loop detected: we've rewritten %s 16 times! Using it as-is.",
@@ -1162,6 +1163,8 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
/* it's fine to rewrite a rewrite, but don't loop forever */
done:
+ tor_free(addr_orig);
+ tor_free(log_addr_orig);
if (exit_source_out)
*exit_source_out = exit_source;
if (expires_out)