diff options
author | Nick Mathewson <nickm@torproject.org> | 2016-10-28 15:33:12 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-10-28 15:33:12 -0400 |
commit | ada75d5567783d7326b3a91263a5630abaf0684e (patch) | |
tree | 825fb683650d599e2b3242de7c588aed3c3b071d /src | |
parent | f3e158edf7d8128d4f1e028c5604e70469730947 (diff) | |
download | tor-ada75d5567783d7326b3a91263a5630abaf0684e.tar.gz tor-ada75d5567783d7326b3a91263a5630abaf0684e.zip |
Fix bad warning when checking IP policies.
I had replaced a comment implying that a set of ifs was meant to be
exhaustive with an actual check for exhaustiveness. It turns out,
they were exhaustive, but not in the way I had assumed. :(
Bug introduced in f3e158edf7d8128, not in any released Tor.
Diffstat (limited to 'src')
-rw-r--r-- | src/or/connection_edge.c | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 6b68a19836..27a025173c 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1571,24 +1571,30 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, tor_addr_t dummy_addr; int socks_family = tor_addr_parse(&dummy_addr, socks->address); /* family will be -1 for a non-onion hostname that's not an IP */ - if (socks_family == -1 && !conn->entry_cfg.dns_request) { - log_warn(LD_APP, "Refusing to connect to hostname %s " - "because Port has NoDNSRequest set.", - safe_str_client(socks->address)); - connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); - return -1; - } else if (socks_family == AF_INET && !conn->entry_cfg.ipv4_traffic) { - log_warn(LD_APP, "Refusing to connect to IPv4 address %s because " - "Port has NoIPv4Traffic set.", - safe_str_client(socks->address)); - connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); - return -1; - } else if (socks_family == AF_INET6 && !conn->entry_cfg.ipv6_traffic) { - log_warn(LD_APP, "Refusing to connect to IPv6 address %s because " - "Port has NoIPv6Traffic set.", - safe_str_client(socks->address)); - connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); - return -1; + if (socks_family == -1) { + if (!conn->entry_cfg.dns_request) { + log_warn(LD_APP, "Refusing to connect to hostname %s " + "because Port has NoDNSRequest set.", + safe_str_client(socks->address)); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } + } else if (socks_family == AF_INET) { + if (!conn->entry_cfg.ipv4_traffic) { + log_warn(LD_APP, "Refusing to connect to IPv4 address %s because " + "Port has NoIPv4Traffic set.", + safe_str_client(socks->address)); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } + } else if (socks_family == AF_INET6) { + if (!conn->entry_cfg.ipv6_traffic) { + log_warn(LD_APP, "Refusing to connect to IPv6 address %s because " + "Port has NoIPv6Traffic set.", + safe_str_client(socks->address)); + connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY); + return -1; + } } else { tor_assert_nonfatal_unreached_once(); } |