Diffstat (limited to 'src')
-rw-r--r--src/app/config/config.c25
-rw-r--r--src/core/or/policies.c8
-rw-r--r--src/test/test_options.c12
3 files changed, 20 insertions, 25 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 1a43c7fd5b..105c408614 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -3359,7 +3359,6 @@ STATIC int
options_validate(or_options_t *old_options, or_options_t *options,
or_options_t *default_options, int from_setconf, char **msg)
{
- int i;
config_line_t *cl;
const char *uname = get_uname();
int n_ports=0;
@@ -3680,30 +3679,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
}
- /* Terminate Reachable*Addresses with reject *
- */
- for (i=0; i<3; i++) {
- config_line_t **linep =
- (i==0) ? &options->ReachableAddresses :
- (i==1) ? &options->ReachableORAddresses :
- &options->ReachableDirAddresses;
- if (!*linep)
- continue;
- /* We need to end with a reject *:*, not an implicit accept *:* */
- for (;;) {
- linep = &((*linep)->next);
- if (!*linep) {
- *linep = tor_malloc_zero(sizeof(config_line_t));
- (*linep)->key = tor_strdup(
- (i==0) ? "ReachableAddresses" :
- (i==1) ? "ReachableORAddresses" :
- "ReachableDirAddresses");
- (*linep)->value = tor_strdup("reject *:*");
- break;
- }
- }
- }
-
if ((options->ReachableAddresses ||
options->ReachableORAddresses ||
options->ReachableDirAddresses ||
diff --git a/src/core/or/policies.c b/src/core/or/policies.c
index e01415f95e..7f5d5dd10f 100644
--- a/src/core/or/policies.c
+++ b/src/core/or/policies.c
@@ -317,6 +317,14 @@ parse_reachable_addresses(void)
}
}
+ /* Prepend a reject *.* to reachable_(or|dir)_addr_policy */
+ if (!ret && (options->ReachableDirAddresses ||
+ options->ReachableORAddresses ||
+ options->ReachableAddresses)) {
+ append_exit_policy_string(&reachable_or_addr_policy, "reject *:*");
+ append_exit_policy_string(&reachable_dir_addr_policy, "reject *:*");
+ }
+
return ret;
}
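Review bot: The new comment in parse_reachable_addresses says "Prepend a reject *.*", but the two calls below it use append_exit_policy_string with "reject *:*", and the position of the reject in the list is what decides whether it acts as a terminator. I would reword it to `/* Append a reject *:* so neither policy ends in an implicit accept *:* */`. Separately, the condition adds the terminator to both reachable_or_addr_policy and reachable_dir_addr_policy whenever any one of the three options is set, whereas the loop removed from config.c skipped empty lists (`if (!*linep) continue;`). If either policy can still be empty at this point, it would become reject-everything; that needs confirming against the earlier part of the function, which starts outside the hunk.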
diff --git a/src/test/test_options.c b/src/test/test_options.c
index 801b5895ff..71d2193d1f 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -1656,6 +1656,18 @@ test_options_validate__reachable_addresses(void *ignored)
tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
tor_free(msg);
+ free_options_test_data(tdata);
+ mock_clean_saved_logs();
+ tdata = get_options_test_data("FascistFirewall 1\n"
+ "ReachableAddresses *:82\n"
+ "MaxClientCircuitsPending 1\n"
+ "ConnLimit 1\n");
+
+ ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+ tt_int_op(ret, OP_EQ, -1);
+ tt_ptr_op(tdata->opt->ReachableAddresses->next, OP_EQ, NULL);
+ tor_free(msg);
+
#define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
" the rest of the Internet, so they must not set Reachable*Addresses or" \
" FascistFirewall or FirewallPorts or ClientUseIPv4 0."
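Review bot: The added case asserts only that options_validate returns -1 and that ReachableAddresses->next stays NULL, so it passes on any validation failure and does not show that the terminating reject still reaches the parsed policy. The reject now comes from parse_reachable_addresses in policies.c, so a regression there would leave an implicit accept *:* and no test in this diff would notice. A policies-level test that sets ReachableAddresses and asserts that an address outside the list is rejected would cover it. In this case I would also pin the failure reason with `tt_str_op(msg, OP_EQ, ...)` against the expected message before `tor_free(msg)`. The test function starts and continues outside the hunk.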