diff options
Diffstat (limited to 'src/or/relay.c')
| -rw-r--r-- | src/or/relay.c | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/src/or/relay.c b/src/or/relay.c index 68b8a5f82d..d9ca3760f9 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -900,9 +900,14 @@ connection_edge_process_relay_cell_not_open( if (rh->length >= 4) { uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE)); int ttl; - if (!addr) { + if (!addr || (get_options()->ClientDNSRejectInternalAddresses && + is_internal_IP(addr, 0))) { + char buf[INET_NTOA_BUF_LEN]; + struct in_addr a; + a.s_addr = htonl(addr); + tor_inet_ntoa(&a, buf, sizeof(buf)); log_info(LD_APP, - "...but it claims the IP address was 0.0.0.0. Closing."); + "...but it claims the IP address was %s. Closing.", buf); connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); return 0; @@ -946,13 +951,28 @@ connection_edge_process_relay_cell_not_open( connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); return 0; } + answer_type = cell->payload[RELAY_HEADER_SIZE]; if (rh->length >= answer_len+6) ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+ 2+answer_len)); else ttl = -1; - - answer_type = cell->payload[RELAY_HEADER_SIZE]; + if (answer_type == RESOLVED_TYPE_IPV4 && answer_len >= 4) { + uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+2)); + if (get_options()->ClientDNSRejectInternalAddresses && + is_internal_IP(addr, 0)) { + char buf[INET_NTOA_BUF_LEN]; + struct in_addr a; + a.s_addr = htonl(addr); + tor_inet_ntoa(&a, buf, sizeof(buf)); + log_info(LD_APP,"Got a resolve with answer %s. Rejecting.", buf); + connection_ap_handshake_socks_resolved(conn, + RESOLVED_TYPE_ERROR_TRANSIENT, + 0, NULL, 0, TIME_MAX); + connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); + return 0; + } + } connection_ap_handshake_socks_resolved(conn, answer_type, cell->payload[RELAY_HEADER_SIZE+1], /*answer_len*/ |