nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't do a DNS lookup on a bridge line address

Browse Source 
Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.
This commit is contained in:
Nick Mathewson 2014-03-27 15:31:29 -04:00
parent a83abcf5ee
commit 9c0a1adfa2
5 changed files with 40 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug10801 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes:
- Stop accepting bridge lines containing hostnames. Doing so allowed
clients to perform DNS requests on the hostnames, which was not
sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.

14
src/common/address.c
View File

@ -1439,12 +1439,16 @@ is_internal_IP(uint32_t ip, int for_listening)
* to the port. * to the port.
* *
* Don't do DNS lookups and don't allow domain names in the <ip> field. * Don't do DNS lookups and don't allow domain names in the <ip> field.
* Don't accept <b>addrport</b> of the form "<ip>" or "<ip>:0". *
* If <b>default_port</b> is less than 0, don't accept <b>addrport</b> of the
* form "<ip>" or "<ip>:0". Otherwise, accept those forms, and set
* *<b>port_out</b> to <b>default_port</b>.
* *
* Return 0 on success, -1 on failure. */ * Return 0 on success, -1 on failure. */
int int
tor_addr_port_parse(int severity, const char *addrport, tor_addr_port_parse(int severity, const char *addrport,
tor_addr_t *address_out, uint16_t *port_out) tor_addr_t *address_out, uint16_t *port_out,
int default_port)
{ {
int retval = -1; int retval = -1;
int r; int r;
@ -1458,8 +1462,12 @@ tor_addr_port_parse(int severity, const char *addrport,
if (r < 0) if (r < 0)
goto done; goto done;
if (!*port_out) if (!*port_out) {
if (default_port >= 0)
*port_out = default_port;
else
goto done; goto done;
}
/* make sure that address_out is an IP address */ /* make sure that address_out is an IP address */
if (tor_addr_parse(address_out, addr_tmp) < 0) if (tor_addr_parse(address_out, addr_tmp) < 0)

3
src/common/address.h
View File

@ -209,7 +209,8 @@ int tor_addr_port_split(int severity, const char *addrport,
char **address_out, uint16_t *port_out); char **address_out, uint16_t *port_out);
int tor_addr_port_parse(int severity, const char *addrport, int tor_addr_port_parse(int severity, const char *addrport,
tor_addr_t *address_out, uint16_t *port_out); tor_addr_t *address_out, uint16_t *port_out,
int default_port);
int tor_addr_hostname_is_local(const char *name); int tor_addr_hostname_is_local(const char *name);

10
src/or/config.c
View File

@ -4169,16 +4169,10 @@ parse_bridge_line(const char *line, int validate_only)
addrport = field1; addrport = field1;
} }
if (tor_addr_port_lookup(addrport, &addr, &port)<0) { if (tor_addr_port_parse(LOG_INFO, addrport, &addr, &port, 443)<0) {
log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport); log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
goto err; goto err;
} }
if (!port) {
log_info(LD_CONFIG,
"Bridge address '%s' has no port; using default port 443.",
addrport);
port = 443;
}
if (smartlist_len(items)) { if (smartlist_len(items)) {
fingerprint = smartlist_join_strings(items, "", 0, NULL); fingerprint = smartlist_join_strings(items, "", 0, NULL);
@ -4384,7 +4378,7 @@ get_bindaddr_from_transport_listen_line(const char *line,const char *transport)
goto err; goto err;
/* Validate addrport */ /* Validate addrport */
if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port)<0) { if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port, -1)<0) {
log_warn(LD_CONFIG, "Error parsing ServerTransportListenAddr " log_warn(LD_CONFIG, "Error parsing ServerTransportListenAddr "
"address '%s'", addrport); "address '%s'", addrport);
goto err; goto err;

26
src/test/test_addr.c
View File

@ -735,7 +735,7 @@ test_addr_parse(void)
/* Correct call. */ /* Correct call. */
r= tor_addr_port_parse(LOG_DEBUG, r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.1:1234", "192.0.2.1:1234",
&addr, &port); &addr, &port, -1);
test_assert(r == 0); test_assert(r == 0);
tor_addr_to_str(buf, &addr, sizeof(buf), 0); tor_addr_to_str(buf, &addr, sizeof(buf), 0);
test_streq(buf, "192.0.2.1"); test_streq(buf, "192.0.2.1");
@ -744,31 +744,45 @@ test_addr_parse(void)
/* Domain name. */ /* Domain name. */
r= tor_addr_port_parse(LOG_DEBUG, r= tor_addr_port_parse(LOG_DEBUG,
"torproject.org:1234", "torproject.org:1234",
&addr, &port); &addr, &port, -1);
test_assert(r == -1); test_assert(r == -1);
/* Only IP. */ /* Only IP. */
r= tor_addr_port_parse(LOG_DEBUG, r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2", "192.0.2.2",
&addr, &port); &addr, &port, -1);
test_assert(r == -1); test_assert(r == -1);
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2",
&addr, &port, 200);
test_assert(r == 0);
tt_int_op(port,==,200);
/* Bad port. */ /* Bad port. */
r= tor_addr_port_parse(LOG_DEBUG, r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2:66666", "192.0.2.2:66666",
&addr, &port); &addr, &port, -1);
test_assert(r == -1);
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2:66666",
&addr, &port, 200);
test_assert(r == -1); test_assert(r == -1);
/* Only domain name */ /* Only domain name */
r= tor_addr_port_parse(LOG_DEBUG, r= tor_addr_port_parse(LOG_DEBUG,
"torproject.org", "torproject.org",
&addr, &port); &addr, &port, -1);
test_assert(r == -1);
r= tor_addr_port_parse(LOG_DEBUG,
"torproject.org",
&addr, &port, 200);
test_assert(r == -1); test_assert(r == -1);
/* Bad IP address */ /* Bad IP address */
r= tor_addr_port_parse(LOG_DEBUG, r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2:1234", "192.0.2:1234",
&addr, &port); &addr, &port, -1);
test_assert(r == -1); test_assert(r == -1);
done: done: