From 7828927a58a2c06befe51b502b4f380b9bc53709 Mon Sep 17 00:00:00 2001
From: Roger Dingledine
Date: Wed, 7 Feb 2007 03:40:06 +0000
Subject: [PATCH] Only rewrite a conn's address based on X-Forwarded-For: headers if it's a parseable public IP address; and stop adding extra quotes to the resulting address.

svn:r9505
---
 ChangeLog | 3 +++
 src/or/directory.c | 8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index d64ff5cc78..1be546cedc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -79,6 +79,9 @@ Changes in version 0.1.2.7-alpha - 2007-02-06
 - Call stat() slightly less often; use fstat() when possible.
 - Refactor the way we handle pending circuits when an OR connection
 completes or fails, in an attempt to fix a rare crash bug.
+ - Only rewrite a conn's address based on X-Forwarded-For: headers
+ if it's a parseable public IP address; and stop adding extra quotes
+ to the resulting address.

 o Major features:
 - Weight directory requests by advertised bandwidth. Now we can
diff --git a/src/or/directory.c b/src/or/directory.c
index 1b5468bd93..e181fa8fbd 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -708,8 +708,14 @@ http_set_address_origin(const char *headers, connection_t *conn)
 if (!fwd)
 fwd = http_get_header(headers, "X-Forwarded-For: ");
 if (fwd) {
+ struct in_addr in;
+ if (!tor_inet_aton(fwd, &in) || is_internal_IP(ntohl(in.s_addr), 0)) {
+ log_debug(LD_DIR, "Ignoring unrecognized or internal IP '%s'", fwd);
+ tor_free(fwd);
+ return;
+ }
 tor_free(conn->address);
- conn->address = tor_strdup(escaped(fwd));
+ conn->address = tor_strdup(fwd);
 tor_free(fwd);
 }
 }
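Review bot: The `log_debug` call in the new rejection branch prints `fwd` raw, and that branch is reached exactly when the header value failed validation, so the logged string is arbitrary client-supplied bytes, including control characters that can garble or spoof log lines. Dropping `escaped()` from the `conn->address` assignment is sound because the value has passed `tor_inet_aton` by then, but the log call should use it: `log_debug(LD_DIR, "Ignoring unrecognized or internal IP %s", escaped(fwd));` (the commit message indicates `escaped()` supplies its own quotes, so the literal ones in the format string can go). The check also establishes only that the header is a well-formed public address, not who set it, so code that reads `conn->address` should presumably still treat it as a claimed origin. `http_set_address_origin` begins above the hunk, so the first header lookup is not visible here.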