From a438f2abcd3252ca786a15042b597714a99b1ab1 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Fri, 9 Dec 2005 02:46:46 +0000 Subject: [PATCH] let the user configure a sockslistenaddress on other private IPs besides 127.x.y.z without complaining. and give a better message in the log. svn:r5544 --- src/or/config.c | 24 +++++++++++------------- src/or/dirserv.c | 2 +- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index 31a279c58e..14f09fe306 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1420,7 +1420,7 @@ resolve_my_address(or_options_t *options, uint32_t *addr_out, char **hostname_ou } tor_inet_ntoa(&in,tmpbuf,sizeof(tmpbuf)); - if (is_internal_IP(htonl(in.s_addr)) && !options->NoPublish) { + if (is_internal_IP(htonl(in.s_addr), 0) && !options->NoPublish) { /* make sure we're ok with publishing an internal IP */ if (!options->DirServers) { /* if they are using the default dirservers, disallow internal IPs always. */ @@ -1744,8 +1744,8 @@ options_validate(or_options_t *old_options, or_options_t *options) int result = 0; config_line_t *cl; addr_policy_t *addr_policy=NULL; -#define REJECT(arg) do { log(LOG_WARN, LD_CONFIG, arg); result = -1; } while (0) -#define COMPLAIN(arg) do { log(LOG_WARN, LD_CONFIG, arg); } while (0) +#define REJECT(arg...) do { log(LOG_WARN, LD_CONFIG, arg); result = -1; } while (0) +#define COMPLAIN(arg...) do { log(LOG_WARN, LD_CONFIG, arg); } while (0) if (options->ORPort < 0 || options->ORPort > 65535) REJECT("ORPort option out of bounds."); 
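Review bot: In the resolve_my_address hunk the address is converted with `htonl(in.s_addr)`, while the matching check in dirserv.c uses `ntohl(iaddr.s_addr)`. `s_addr` is already in network byte order, so the host-order value the range test needs is `ntohl`. The two calls do the same byte swap on common platforms, so this is about stating intent on a line that decides whether an internal address gets published: `if (is_internal_IP(ntohl(in.s_addr), 0) && !options->NoPublish) {`. The bare `0` here (and `1` in the SocksListenAddress hunk, `0` in dirserv.c) gives no hint of what the flag selects, and the helper's definition is not in this patch; a short comment at each call site or a pair of named constants would make these calls reviewable. resolve_my_address starts and ends outside the hunk.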
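Review bot: `#define REJECT(arg...)` and `#define COMPLAIN(arg...)` use the GNU named-variadic extension, which compilers without GNU extensions will reject. The C99 spelling does the same thing: `#define REJECT(...) do { log(LOG_WARN, LD_CONFIG, __VA_ARGS__); result = -1; } while (0)` and `#define COMPLAIN(...) do { log(LOG_WARN, LD_CONFIG, __VA_ARGS__); } while (0)`. Because the first macro argument is now a printf-style format, a comment above the macros should say it must stay a string literal, with configuration values passed only as later arguments. options_validate continues past the end of this hunk.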
@@ -1764,20 +1764,18 @@ options_validate(or_options_t *old_options, or_options_t *options) if (options->SocksListenAddress) { config_line_t *line = NULL; - int binding_on_public_addr = 0; + char *address = NULL; for (line = options->SocksListenAddress; line; line = line->next) { uint16_t port; uint32_t addr; - if (parse_addr_port(line->value, NULL, &addr, &port)<0) + if (parse_addr_port(line->value, &address, &addr, &port)<0) continue; /* We'll warn about this later. */ - if ((addr & 0xff000000u) != 0x7f000000u) - binding_on_public_addr = 1; - } - if (binding_on_public_addr && - (!old_options || !config_lines_eq(old_options->SocksListenAddress, - options->SocksListenAddress))) { - /* XXXX This should be a better warning. */ - COMPLAIN("Binding to a public address for SOCKS listener."); + if (!is_internal_IP(addr, 1) && + (!old_options || !config_lines_eq(old_options->SocksListenAddress, + options->SocksListenAddress))) { + COMPLAIN("You specified a public address '%s' for a SOCKS listener. Other people on the Internet might find your computer and use it as an open SOCKS proxy. Please don't allow this unless you have a good reason.", address); + } + tor_free(address); } } diff --git a/src/or/dirserv.c b/src/or/dirserv.c index b2a3c3cfd0..3dbe204286 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -399,7 +399,7 @@ dirserv_router_has_valid_address(routerinfo_t *ri) ri->nickname, ri->address); return -1; } - if (is_internal_IP(ntohl(iaddr.s_addr))) { + if (is_internal_IP(ntohl(iaddr.s_addr), 0)) { info(LD_DIRSERV, "Router '%s' published internal IP address '%s'. Refusing.", ri->nickname, ri->address);
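Review bot: The removed test warned for every listener outside 127.0.0.0/8, which covered the wildcard address 0.0.0.0. The replacement `!is_internal_IP(addr, 1)` keeps that warning only if the helper classifies the wildcard as non-internal, and its definition is not part of this patch. A wildcard bind accepts SOCKS connections on every interface, public ones included, so it should still trigger the open-proxy warning: `if ((addr == 0 || !is_internal_IP(addr, 1)) &&`. Separately, the `continue` after a failed `parse_addr_port` skips `tor_free(address)`; if the parser can fail after allocating the host string (not visible here), free it on that path too, or confirm it leaves `address` NULL on error. options_validate starts and ends outside this hunk.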