Merge remote-tracking branch 'tor-github/pr/245'
commit
2bc4c55d7d
7
changes/bug20874
Normal file
7
changes/bug20874
Normal file
@ -0,0 +1,7 @@
|
||||
o Minor bugfixes (client, reachableaddresses):
|
||||
- Instead of adding an "reject *:*" line to ReachableAddresses when
|
||||
loading the configuration, add one to the policy after parsing it
|
||||
in parse_reachable_addresses(). This prevents extra "reject *.*"
|
||||
lines from accumulating on reloads. Fixes bug 20874; bugfix on
|
||||
0.3.5.1-alpha. Patch by Neel Chauhan.
|
||||
|
@ -3359,7 +3359,6 @@ STATIC int
|
||||
options_validate(or_options_t *old_options, or_options_t *options,
|
||||
or_options_t *default_options, int from_setconf, char **msg)
|
||||
{
|
||||
int i;
|
||||
config_line_t *cl;
|
||||
const char *uname = get_uname();
|
||||
int n_ports=0;
|
||||
@ -3680,30 +3679,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
}
|
||||
}
|
||||
|
||||
/* Terminate Reachable*Addresses with reject *
|
||||
*/
|
||||
for (i=0; i<3; i++) {
|
||||
config_line_t **linep =
|
||||
(i==0) ? &options->ReachableAddresses :
|
||||
(i==1) ? &options->ReachableORAddresses :
|
||||
&options->ReachableDirAddresses;
|
||||
if (!*linep)
|
||||
continue;
|
||||
/* We need to end with a reject *:*, not an implicit accept *:* */
|
||||
for (;;) {
|
||||
linep = &((*linep)->next);
|
||||
if (!*linep) {
|
||||
*linep = tor_malloc_zero(sizeof(config_line_t));
|
||||
(*linep)->key = tor_strdup(
|
||||
(i==0) ? "ReachableAddresses" :
|
||||
(i==1) ? "ReachableORAddresses" :
|
||||
"ReachableDirAddresses");
|
||||
(*linep)->value = tor_strdup("reject *:*");
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ((options->ReachableAddresses ||
|
||||
options->ReachableORAddresses ||
|
||||
options->ReachableDirAddresses ||
|
||||
|
@ -317,6 +317,14 @@ parse_reachable_addresses(void)
|
||||
}
|
||||
}
|
||||
|
||||
/* Prepend a reject *.* to reachable_(or|dir)_addr_policy */
|
||||
if (!ret && (options->ReachableDirAddresses ||
|
||||
options->ReachableORAddresses ||
|
||||
options->ReachableAddresses)) {
|
||||
append_exit_policy_string(&reachable_or_addr_policy, "reject *:*");
|
||||
append_exit_policy_string(&reachable_dir_addr_policy, "reject *:*");
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
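Review bot: The added block appends `reject *:*` to both reachable_or_addr_policy and reachable_dir_addr_policy whenever any one of the three options is set, so a configuration that sets only ReachableDirAddresses would, as far as this hunk shows, also close the OR policy (and the reverse for ReachableORAddresses alone). The loop removed from options_validate() terminated each option's list on its own and left an unset list untouched; if that per-policy behaviour is meant to be kept, each append should be guarded by the options that feed that policy, as sketched below (this assumes, from code outside the hunk, that ReachableAddresses is the fallback for both). The comment also disagrees with the code: it says "Prepend" and `*.*`, while the call appends `*:*`. Because of `!ret`, a parse error leaves the policies without the terminating reject; whether they are then empty or partly filled is decided earlier in parse_reachable_addresses(), outside this hunk, and it is worth confirming that this path fails closed.

```c
  /* Append a terminating reject *:* to each policy that was configured */
  if (!ret) {
    if (options->ReachableORAddresses || options->ReachableAddresses)
      append_exit_policy_string(&reachable_or_addr_policy, "reject *:*");
    if (options->ReachableDirAddresses || options->ReachableAddresses)
      append_exit_policy_string(&reachable_dir_addr_policy, "reject *:*");
  }
  return ret;
```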
|
||||
|
||||
|
@ -1656,6 +1656,18 @@ test_options_validate__reachable_addresses(void *ignored)
|
||||
tt_str_op(tdata->opt->ReachableAddresses->value, OP_EQ, "*:82");
|
||||
tor_free(msg);
|
||||
|
||||
free_options_test_data(tdata);
|
||||
mock_clean_saved_logs();
|
||||
tdata = get_options_test_data("FascistFirewall 1\n"
|
||||
"ReachableAddresses *:82\n"
|
||||
"MaxClientCircuitsPending 1\n"
|
||||
"ConnLimit 1\n");
|
||||
|
||||
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
tt_ptr_op(tdata->opt->ReachableAddresses->next, OP_EQ, NULL);
|
||||
tor_free(msg);
|
||||
|
||||
#define SERVERS_REACHABLE_MSG "Servers must be able to freely connect to" \
|
||||
" the rest of the Internet, so they must not set Reachable*Addresses or" \
|
||||
" FascistFirewall or FirewallPorts or ClientUseIPv4 0."
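Review bot: The new case only shows that options_validate() no longer extends the config list, via `tt_ptr_op(tdata->opt->ReachableAddresses->next, OP_EQ, NULL)`; nothing in this section checks that the policy built by parse_reachable_addresses() still ends in a reject, which is where the firewall restriction is now enforced. A companion test that calls parse_reachable_addresses() twice with the same options and checks that the policy does not grow and that an unlisted address is still refused would cover both the fix and the fail-closed property. The case also expects `ret` to be -1 without comparing `msg`, so it would pass on any validation failure; a `tt_str_op(msg, OP_EQ, ...)` against the intended error would pin it. The enclosing test function starts and ends outside this hunk.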
|
||||
|