mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Fix the rest of bug 619: reject *:* servers should not do DNS lookups, even if broken clients send them RELAY_BEGIN cells. Patch from rovv.
svn:r17138
This commit is contained in:
parent
b593fd5c20
commit
5e762e6a5c
@ -31,6 +31,9 @@ Changes in version 0.2.1.7-alpha - 2008-10-xx
|
|||||||
- Send a valid END cell back when a client tries to connect to a
|
- Send a valid END cell back when a client tries to connect to a
|
||||||
nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
|
nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
|
||||||
840. Patch from rovv.
|
840. Patch from rovv.
|
||||||
|
- If a broken client asks a non-exit router to connect somewhere,
|
||||||
|
do not even do the DNS lookup before rejecting the connection.
|
||||||
|
Fixes another case of bug 619. Patch from rovv.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.1.6-alpha - 2008-09-30
|
Changes in version 0.2.1.6-alpha - 2008-09-30
|
||||||
|
13
src/or/dns.c
13
src/or/dns.c
@ -553,15 +553,10 @@ dns_resolve(edge_connection_t *exitconn)
|
|||||||
or_circuit_t *oncirc = TO_OR_CIRCUIT(exitconn->on_circuit);
|
or_circuit_t *oncirc = TO_OR_CIRCUIT(exitconn->on_circuit);
|
||||||
int is_resolve, r;
|
int is_resolve, r;
|
||||||
char *hostname = NULL;
|
char *hostname = NULL;
|
||||||
routerinfo_t *me;
|
|
||||||
is_resolve = exitconn->_base.purpose == EXIT_PURPOSE_RESOLVE;
|
is_resolve = exitconn->_base.purpose == EXIT_PURPOSE_RESOLVE;
|
||||||
|
|
||||||
if (is_resolve &&
|
|
||||||
(!(me = router_get_my_routerinfo()) ||
|
|
||||||
policy_is_reject_star(me->exit_policy))) /* non-exit */
|
|
||||||
r = -1;
|
|
||||||
else
|
|
||||||
r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname);
|
r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname);
|
||||||
|
|
||||||
switch (r) {
|
switch (r) {
|
||||||
case 1:
|
case 1:
|
||||||
/* We got an answer without a lookup -- either the answer was
|
/* We got an answer without a lookup -- either the answer was
|
||||||
@ -636,6 +631,7 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
|
|||||||
cached_resolve_t *resolve;
|
cached_resolve_t *resolve;
|
||||||
cached_resolve_t search;
|
cached_resolve_t search;
|
||||||
pending_connection_t *pending_connection;
|
pending_connection_t *pending_connection;
|
||||||
|
routerinfo_t *me;
|
||||||
struct in_addr in;
|
struct in_addr in;
|
||||||
time_t now = time(NULL);
|
time_t now = time(NULL);
|
||||||
uint8_t is_reverse = 0;
|
uint8_t is_reverse = 0;
|
||||||
@ -652,6 +648,11 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
|
|||||||
exitconn->address_ttl = DEFAULT_DNS_TTL;
|
exitconn->address_ttl = DEFAULT_DNS_TTL;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
/* If we're a non-exit, don't even do DNS lookups. */
|
||||||
|
if (!(me = router_get_my_routerinfo()) ||
|
||||||
|
policy_is_reject_star(me->exit_policy)) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if (address_is_invalid_destination(exitconn->_base.address, 0)) {
|
if (address_is_invalid_destination(exitconn->_base.address, 0)) {
|
||||||
log(LOG_PROTOCOL_WARN, LD_EXIT,
|
log(LOG_PROTOCOL_WARN, LD_EXIT,
|
||||||
"Rejecting invalid destination address %s",
|
"Rejecting invalid destination address %s",
|
||||||
|
Loading…
Reference in New Issue
Block a user