Diffstat (limited to 'src')
-rw-r--r-- | src/app/config/config.c | 25 | ||||
-rw-r--r-- | src/core/or/policies.c | 8 | ||||
-rw-r--r-- | src/test/test_options.c | 12 |
3 files changed, 20 insertions, 25 deletions
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 1a43c7fd5b..105c408614 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -3359,7 +3359,6 @@ STATIC int
 options_validate(or_options_t *old_options, or_options_t *options,
 or_options_t *default_options, int from_setconf, char **msg)
 {
- int i;
 config_line_t *cl;
 const char *uname = get_uname();
 int n_ports=0;
@@ -3680,30 +3679,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
 }
 }

- /* Terminate Reachable*Addresses with reject *
- */
- for (i=0; i<3; i++) {
- config_line_t **linep =
- (i==0) ? &options->ReachableAddresses :
- (i==1) ? &options->ReachableORAddresses :
- &options->ReachableDirAddresses;
- if (!*linep)
- continue;
- /* We need to end with a reject *:*, not an implicit accept *:* */
- for (;;) {
- linep = &((*linep)->next);
- if (!*linep) {
- *linep = tor_malloc_zero(sizeof(config_line_t));
- (*linep)->key = tor_strdup(
- (i==0) ? "ReachableAddresses" :
- (i==1) ? "ReachableORAddresses" :
- "ReachableDirAddresses");
- (*linep)->value = tor_strdup("reject *:*");
- break;
- }
- }
- }
-
 if ((options->ReachableAddresses ||
 options->ReachableORAddresses ||
 options->ReachableDirAddresses ||
diff --git a/src/core/or/policies.c b/src/core/or/policies.c
index e01415f95e..7f5d5dd10f 100644
--- a/src/core/or/policies.c
+++ b/src/core/or/policies.c
@@ -317,6 +317,14 @@ parse_reachable_addresses(void)
 }
 }

+ /* Prepend a reject *.* to reachable_(or|dir)_addr_policy */
+ if (!ret && (options->ReachableDirAddresses ||
+ options->ReachableORAddresses ||
+ options->ReachableAddresses)) {
+ append_exit_policy_string(&reachable_or_addr_policy, "reject *:*");
+ append_exit_policy_string(&reachable_dir_addr_policy, "reject *:*");
+ }
+
 return ret;
 }

diff --git a/src/test/test_options.c b/src/test/test_options.c
index 801b5895ff..71d2193d1f 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
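Review bot: In parse_reachable_addresses() (src/core/or/policies.c) the new guard is true when any one of the three Reachable* options is set, yet it terminates both reachable_or_addr_policy and reachable_dir_addr_policy; the loop removed from options_validate() terminated only the lists that were actually configured (`if (!*linep) continue;`). If the OR policy is still empty when only ReachableDirAddresses is given (the parsing sits above this hunk, so this is inferred), it now becomes a lone `reject *:*` and every OR connection is refused. Either guard each append by the options that feed that policy, as sketched below, or state the fail-closed intent in the comment and cover it with a test. The comment also says "Prepend a reject *.*" while the code appends `reject *:*`, and because of the `!ret` guard a parse failure leaves both policies without the terminating reject, so callers have to treat -1 as fatal.

```c
  /* … unchanged: earlier policy parsing and warnings … */

  /* Terminate each configured reachable policy with reject *:* so it does
   * not end in an implicit accept *:*. */
  if (!ret) {
    if (options->ReachableORAddresses || options->ReachableAddresses)
      append_exit_policy_string(&reachable_or_addr_policy, "reject *:*");
    if (options->ReachableDirAddresses || options->ReachableAddresses)
      append_exit_policy_string(&reachable_dir_addr_policy, "reject *:*");
  }

  return ret;
```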
@@ -1656,6 +1656,18 @@ test_options_validate__reachable_addresses(void *ignored)
 tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
 tor_free(msg);

+ free_options_test_data(tdata);
+ mock_clean_saved_logs();
+ tdata = get_options_test_data("FascistFirewall 1\n"
+ "ReachableAddresses *:82\n"
+ "MaxClientCircuitsPending 1\n"
+ "ConnLimit 1\n");
+
+ ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+ tt_int_op(ret, OP_EQ, -1);
+ tt_ptr_op(tdata->opt->ReachableAddresses->next, OP_EQ, NULL);
+ tor_free(msg);
+
 #define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
 " the rest of the Internet, so they must not set Reachable*Addresses or" \
 " FascistFirewall or FirewallPorts or ClientUseIPv4 0." |
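Review bot: The added case in test_options_validate__reachable_addresses() checks only that options_validate() returns -1 and that ReachableAddresses->next stays NULL; msg is freed without being compared, so the case passes for any validation failure, possibly one raised before the point where the terminating line used to be appended. Pin the reason with a `tt_str_op(msg, OP_EQ, ...)` on the expected message so the NULL check is known to exercise the changed path. Nothing in this diff tests the moved behaviour itself: a policy test should assert that, once the reachable policies are parsed, an address and port not listed in ReachableAddresses is rejected. The test function continues outside the hunk.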