diff options
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/circuitbuild.c | 8 | ||||
| -rw-r--r-- | src/or/circuitlist.c | 3 | ||||
| -rw-r--r-- | src/or/connection.c | 8 | ||||
| -rw-r--r-- | src/or/main.c | 3 | ||||
| -rw-r--r-- | src/or/policies.c | 9 | ||||
| -rw-r--r-- | src/or/rendcache.c | 6 | ||||
| -rw-r--r-- | src/or/router.c | 2 | ||||
| -rw-r--r-- | src/or/routerlist.c | 18 |
8 files changed, 40 insertions, 17 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 0688398f6d..933d70bd8b 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -498,6 +498,14 @@ circuit_handle_first_hop(origin_circuit_t *circ) tor_assert(firsthop); tor_assert(firsthop->extend_info); + /* XX/teor - does tor ever need build a circuit directly to itself? */ + if (tor_addr_is_internal(&firsthop->extend_info->addr, 0) && + !get_options()->ExtendAllowPrivateAddresses) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Client asked me to connect directly to a private address"); + return -END_CIRC_REASON_TORPROTOCOL; + } + /* now see if we're already connected to the first OR in 'route' */ log_debug(LD_CIRC,"Looking for firsthop '%s'", fmt_addrport(&firsthop->extend_info->addr, diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index c4992d47ff..15b8748158 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -911,6 +911,9 @@ circuit_free_all(void) smartlist_free(circuits_pending_chans); circuits_pending_chans = NULL; + smartlist_free(circuits_pending_close); + circuits_pending_close = NULL; + { chan_circid_circuit_map_t **elt, **next, *c; for (elt = HT_START(chan_circid_map, &chan_circid_map); diff --git a/src/or/connection.c b/src/or/connection.c index b31b99c2e7..4e39832709 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -1708,10 +1708,13 @@ connection_connect_sockaddr(connection_t *conn, } /** Take conn, make a nonblocking socket; try to connect to - * addr:port (they arrive in *host order*). If fail, return -1 and if + * addr:port (port arrives in *host order*). If fail, return -1 and if * applicable put your best guess about errno into *<b>socket_error</b>. * Else assign s to conn-\>s: if connected return 1, if EAGAIN return 0. * + * addr:port can be different to conn->addr:conn->port if connecting through + * a proxy. + * * address is used to make the logs useful. * * On success, add conn to the list of polled connections. @@ -4212,7 +4215,8 @@ connection_write_to_buf_impl_,(const char *string, size_t len, } /** Return a connection with given type, address, port, and purpose; - * or NULL if no such connection exists. */ + * or NULL if no such connection exists (or if all such connections are marked + * for close). */ connection_t * connection_get_by_type_addr_port_purpose(int type, const tor_addr_t *addr, uint16_t port, diff --git a/src/or/main.c b/src/or/main.c index 1469fd1da1..3f166c819d 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -500,8 +500,7 @@ connection_in_array(connection_t *conn) return smartlist_contains(connection_array, conn); } -/** Set <b>*array</b> to an array of all connections, and <b>*n</b> - * to the length of the array. <b>*array</b> and <b>*n</b> must not +/** Set <b>*array</b> to an array of all connections. <b>*array</b> must not * be modified. */ smartlist_t * diff --git a/src/or/policies.c b/src/or/policies.c index 07f8cd7c40..73245b50ab 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -907,7 +907,8 @@ addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr) static int tor_addr_is_public_for_reject(const tor_addr_t *addr) { - return !tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0); + return (!tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0) + && !tor_addr_is_multicast(addr)); } /* Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed. @@ -1539,9 +1540,9 @@ policy_write_item(char *buf, size_t buflen, const addr_policy_t *policy, if (result < 0) return -1; written += strlen(buf); - /* If the maskbits is 32 we don't need to give it. If the mask is 0, - * we already wrote "*". */ - if (policy->maskbits < 32 && policy->maskbits > 0) { + /* If the maskbits is 32 (IPv4) or 128 (IPv6) we don't need to give it. If + the mask is 0, we already wrote "*". */ + if (policy->maskbits < (is_ip6?128:32) && policy->maskbits > 0) { if (tor_snprintf(buf+written, buflen-written, "/%d", policy->maskbits)<0) return -1; written += strlen(buf+written); diff --git a/src/or/rendcache.c b/src/or/rendcache.c index 790e0c246d..c69671e289 100644 --- a/src/or/rendcache.c +++ b/src/or/rendcache.c @@ -321,9 +321,9 @@ rend_cache_failure_purge(void) } /** Lookup the rend failure cache using a relay identity digest in - * <b>identity</b> and service ID <b>service_id</b>. If found, the intro - * failure is set in <b>intro_entry</b> else it stays untouched. Return 1 - * iff found else 0. */ + * <b>identity</b> which has DIGEST_LEN bytes and service ID <b>service_id</b> + * which is a null-terminated string. If found, the intro failure is set in + * <b>intro_entry</b> else it stays untouched. Return 1 iff found else 0. */ STATIC int cache_failure_intro_lookup(const uint8_t *identity, const char *service_id, rend_cache_failure_intro_t **intro_entry) diff --git a/src/or/router.c b/src/or/router.c index 90203458b2..bed9dc5e43 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -1781,9 +1781,9 @@ router_get_my_descriptor(void) const char *body; if (!router_get_my_routerinfo()) return NULL; - /* Make sure this is nul-terminated. */ tor_assert(desc_routerinfo->cache_info.saved_location == SAVED_NOWHERE); body = signed_descriptor_get_body(&desc_routerinfo->cache_info); + /* Make sure this is nul-terminated. */ tor_assert(!body[desc_routerinfo->cache_info.signed_descriptor_len]); log_debug(LD_GENERAL,"my desc is '%s'", body); return body; diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 8f6a440d16..5e7906475f 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1501,8 +1501,14 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, if ((type & EXTRAINFO_DIRINFO) && !router_supports_extrainfo(node->identity, is_trusted_extrainfo)) continue; - if (for_guard && node->using_as_guard) - continue; /* Don't make the same node a guard twice. */ + /* Don't make the same node a guard twice */ + if (for_guard && node->using_as_guard) { + continue; + } + /* Ensure that a directory guard is actually a guard node. */ + if (for_guard && !node->is_possible_guard) { + continue; + } if (try_excluding && routerset_contains_routerstatus(options->ExcludeNodes, status, country)) { @@ -4028,9 +4034,9 @@ router_exit_policy_rejects_all(const routerinfo_t *router) } /** Create an directory server at <b>address</b>:<b>port</b>, with OR identity - * key <b>digest</b>. If <b>address</b> is NULL, add ourself. If - * <b>is_authority</b>, this is a directory authority. Return the new - * directory server entry on success or NULL on failure. */ + * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL, + * add ourself. If <b>is_authority</b>, this is a directory authority. Return + * the new directory server entry on success or NULL on failure. */ static dir_server_t * dir_server_new(int is_authority, const char *nickname, @@ -4045,6 +4051,8 @@ dir_server_new(int is_authority, uint32_t a; char *hostname_ = NULL; + tor_assert(digest); + if (weight < 0) return NULL; |