nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'public/bug10801_024'

Browse Source 
Conflicts:
	src/common/address.c
	src/or/config.c
This commit is contained in:
Nick Mathewson 2014-04-05 14:50:57 -04:00
commit 2ff664ee20
5 changed files with 83 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug10801 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes:
- Stop accepting bridge lines containing hostnames. Doing so allowed
clients to perform DNS requests on the hostnames, which was not
sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.

25
src/common/address.c
View File

@ -1451,12 +1451,16 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
* to the port.
*
* Don't do DNS lookups and don't allow domain names in the "ip" field.
* Don't accept <b>addrport</b> of the form "ip" or "ip:0".
*
* If <b>default_port</b> is less than 0, don't accept <b>addrport</b> of the
* form "ip" or "ip:0". Otherwise, accept those forms, and set
* *<b>port_out</b> to <b>default_port</b>.
*
* Return 0 on success, -1 on failure. */
int
tor_addr_port_parse(int severity, const char *addrport,
tor_addr_t *address_out, uint16_t *port_out)
tor_addr_t *address_out, uint16_t *port_out,
int default_port)
{
int retval = -1;
int r;
@ -1470,8 +1474,12 @@ tor_addr_port_parse(int severity, const char *addrport,
if (r < 0)
goto done;
if (!*port_out)
goto done;
if (!*port_out) {
if (default_port >= 0)
*port_out = default_port;
else
goto done;
}
/* make sure that address_out is an IP address */
if (tor_addr_parse(address_out, addr_tmp) < 0)
@ -1492,9 +1500,18 @@ int
tor_addr_port_split(int severity, const char *addrport,
char **address_out, uint16_t *port_out)
{
tor_addr_t a_tmp;
tor_assert(addrport);
tor_assert(address_out);
tor_assert(port_out);
/* We need to check for IPv6 manually because addr_port_lookup() doesn't
* do a good job on IPv6 addresses that lack a port. */
if (tor_addr_parse(&a_tmp, addrport) == AF_INET6) {
*port_out = 0;
*address_out = tor_strdup(addrport);
return 0;
}
return addr_port_lookup(severity, addrport, address_out, NULL, port_out);
}

3
src/common/address.h
View File

@ -210,7 +210,8 @@ int tor_addr_port_split(int severity, const char *addrport,
char **address_out, uint16_t *port_out);
int tor_addr_port_parse(int severity, const char *addrport,
tor_addr_t *address_out, uint16_t *port_out);
tor_addr_t *address_out, uint16_t *port_out,
int default_port);
int tor_addr_hostname_is_local(const char *name);

13
src/or/config.c
View File

@ -4535,18 +4535,11 @@ parse_bridge_line(const char *line)
addrport = field;
}
/* Parse addrport. */
if (tor_addr_port_lookup(addrport,
&bridge_line->addr, &bridge_line->port)<0) {
if (tor_addr_port_parse(LOG_INFO, addrport,
&bridge_line->addr, &bridge_line->port, 443)<0) {
log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
goto err;
}
if (!bridge_line->port) {
log_info(LD_CONFIG,
"Bridge address '%s' has no port; using default port 443.",
addrport);
bridge_line->port = 443;
}
/* If transports are enabled, next field could be a fingerprint or a
socks argument. If transports are disabled, next field must be
@ -4797,7 +4790,7 @@ get_bindaddr_from_transport_listen_line(const char *line,const char *transport)
goto err;
/* Validate addrport */
if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port)<0) {
if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port, -1)<0) {
log_warn(LD_CONFIG, "Error parsing ServerTransportListenAddr "
"address '%s'", addrport);
goto err;

59
src/test/test_addr.c
View File

@ -743,42 +743,89 @@ test_addr_parse(void)
/* Correct call. */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.1:1234",
&addr, &port);
&addr, &port, -1);
test_assert(r == 0);
tor_addr_to_str(buf, &addr, sizeof(buf), 0);
test_streq(buf, "192.0.2.1");
test_eq(port, 1234);
r= tor_addr_port_parse(LOG_DEBUG,
"[::1]:1234",
&addr, &port, -1);
test_assert(r == 0);
tor_addr_to_str(buf, &addr, sizeof(buf), 0);
test_streq(buf, "::1");
test_eq(port, 1234);
/* Domain name. */
r= tor_addr_port_parse(LOG_DEBUG,
"torproject.org:1234",
&addr, &port);
&addr, &port, -1);
test_assert(r == -1);
/* Only IP. */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2",
&addr, &port);
&addr, &port, -1);
test_assert(r == -1);
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2",
&addr, &port, 200);
test_assert(r == 0);
tt_int_op(port,==,200);
r= tor_addr_port_parse(LOG_DEBUG,
"[::1]",
&addr, &port, -1);
test_assert(r == -1);
r= tor_addr_port_parse(LOG_DEBUG,
"[::1]",
&addr, &port, 400);
test_assert(r == 0);
tt_int_op(port,==,400);
/* Bad port. */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2:66666",
&addr, &port);
&addr, &port, -1);
test_assert(r == -1);
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2:66666",
&addr, &port, 200);
test_assert(r == -1);
/* Only domain name */
r= tor_addr_port_parse(LOG_DEBUG,
"torproject.org",
&addr, &port);
&addr, &port, -1);
test_assert(r == -1);
r= tor_addr_port_parse(LOG_DEBUG,
"torproject.org",
&addr, &port, 200);
test_assert(r == -1);
/* Bad IP address */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2:1234",
&addr, &port);
&addr, &port, -1);
test_assert(r == -1);
/* Make sure that the default port has lower priority than the real
one */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2:1337",
&addr, &port, 200);
test_assert(r == 0);
tt_int_op(port,==,1337);
r= tor_addr_port_parse(LOG_DEBUG,
"[::1]:1369",
&addr, &port, 200);
test_assert(r == 0);
tt_int_op(port,==,1369);
done:
;
}