diff options
Diffstat (limited to 'src/or/rendservice.c')
| -rw-r--r-- | src/or/rendservice.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 15d98bfde5..aad47bb001 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1818,6 +1818,18 @@ find_rp_for_intro(const rend_intro_cell_t *intro, goto err; } + /* Make sure the RP we are being asked to connect to is _not_ a private + * address unless it's allowed. Let's avoid to build a circuit to our + * second middle node and fail right after when extending to the RP. */ + if (!extend_info_addr_is_allowed(&rp->addr)) { + if (err_msg_out) { + tor_asprintf(&err_msg, + "Relay IP in INTRODUCE2 cell is private address."); + } + extend_info_free(rp); + rp = NULL; + goto err; + } goto done; err: |