Fix the rest of bug 619: reject *:* servers should not do DNS lookups, even if broken clients send them RELAY_BEGIN cells. Patch from rovv.

svn:r17138
Nick Mathewson 2008-10-21 16:51:59 +00:00
parent b593fd5c20
commit 5e762e6a5c
2 changed files with 11 additions and 7 deletions


@ -31,6 +31,9 @@ Changes in version 0.2.1.7-alpha - 2008-10-xx
- Send a valid END cell back when a client tries to connect to a - Send a valid END cell back when a client tries to connect to a
nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
840. Patch from rovv. 840. Patch from rovv.
- If a broken client asks a non-exit router to connect somewhere,
do not even do the DNS lookup before rejecting the connection.
Fixes another case of bug 619. Patch from rovv.
Changes in version 0.2.1.6-alpha - 2008-09-30 Changes in version 0.2.1.6-alpha - 2008-09-30


@ -553,15 +553,10 @@ dns_resolve(edge_connection_t *exitconn)
or_circuit_t *oncirc = TO_OR_CIRCUIT(exitconn->on_circuit); or_circuit_t *oncirc = TO_OR_CIRCUIT(exitconn->on_circuit);
int is_resolve, r; int is_resolve, r;
char *hostname = NULL; char *hostname = NULL;
routerinfo_t *me;
is_resolve = exitconn->_base.purpose == EXIT_PURPOSE_RESOLVE; is_resolve = exitconn->_base.purpose == EXIT_PURPOSE_RESOLVE;
if (is_resolve &&
(!(me = router_get_my_routerinfo()) ||
policy_is_reject_star(me->exit_policy))) /* non-exit */
r = -1;
else
r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname); r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname);
switch (r) { switch (r) {
case 1: case 1:
/* We got an answer without a lookup -- either the answer was /* We got an answer without a lookup -- either the answer was
@ -636,6 +631,7 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
cached_resolve_t *resolve; cached_resolve_t *resolve;
cached_resolve_t search; cached_resolve_t search;
pending_connection_t *pending_connection; pending_connection_t *pending_connection;
routerinfo_t *me;
struct in_addr in; struct in_addr in;
time_t now = time(NULL); time_t now = time(NULL);
uint8_t is_reverse = 0; uint8_t is_reverse = 0;
@ -652,6 +648,11 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
exitconn->address_ttl = DEFAULT_DNS_TTL; exitconn->address_ttl = DEFAULT_DNS_TTL;
return 1; return 1;
} }
/* If we're a non-exit, don't even do DNS lookups. */
if (!(me = router_get_my_routerinfo()) ||
policy_is_reject_star(me->exit_policy)) {
return -1;
}
if (address_is_invalid_destination(exitconn->_base.address, 0)) { if (address_is_invalid_destination(exitconn->_base.address, 0)) {
log(LOG_PROTOCOL_WARN, LD_EXIT, log(LOG_PROTOCOL_WARN, LD_EXIT,
"Rejecting invalid destination address %s", "Rejecting invalid destination address %s",