Fix a regression bug in AllowDotExit

The code that detected the source of a remapped address checked that
an address mapping's source was a given rewrite rule if addr_orig had
no .exit, and addr did have a .exit after processing that rule.  But
addr_orig was formatted for logging: it was not the original address
at all, but rather was the address escaped for logging and possibly
replaced with "[scrubbed]".

This new logic will correctly set ADDRMAPSRC_NONE in the case when the
address starts life as a .exit address, so that AllowDotExit can work
again.

Fixes bug 6211; bugfix on 0.2.3.17-beta
This commit is contained in:
Nick Mathewson 2012-06-19 19:45:28 -04:00
parent e6782b355a
commit c239c57d3c
2 changed files with 14 additions and 7 deletions

4
changes/bug6211 Normal file
View File

@ -0,0 +1,4 @@
o Minor bugfixes:
- Fix a bug that stopped AllowDotExit from working on addresses
that had an entry in the DNS cache. Fixes bug 6211; bugfix on
0.2.3.17-beta.

View File

@ -1100,8 +1100,8 @@ addressmap_match_superdomains(char *address)
* address starts out as a non-exit address, and we remap it to an .exit
* address at any point, then set *<b>exit_source_out</b> to the
* address_entry_source_t of the first such rule. Set *<b>exit_source_out</b>
* to ADDRMAPSRC_NONE if there is no such rewrite.
*
* to ADDRMAPSRC_NONE if there is no such rewrite, or if the original address
* was a .exit.
*/
int
addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
@ -1111,10 +1111,12 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
int rewrites;
time_t expires = TIME_MAX;
addressmap_entry_source_t exit_source = ADDRMAPSRC_NONE;
char *addr_orig = tor_strdup(address);
char *log_addr_orig = NULL;
for (rewrites = 0; rewrites < 16; rewrites++) {
int exact_match = 0;
char *addr_orig = tor_strdup(escaped_safe_str_client(address));
log_addr_orig = tor_strdup(escaped_safe_str_client(address));
ent = strmap_get(addressmap, address);
@ -1125,7 +1127,6 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
!strcasecmp(address, ent->new_address)) {
/* This is a rule like *.example.com example.com, and we just got
* "example.com" */
tor_free(addr_orig);
goto done;
}
@ -1133,7 +1134,6 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
}
if (!ent || !ent->new_address) {
tor_free(addr_orig);
goto done;
}
@ -1151,10 +1151,11 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
}
log_info(LD_APP, "Addressmap: rewriting %s to %s",
addr_orig, escaped_safe_str_client(address));
log_addr_orig, escaped_safe_str_client(address));
if (ent->expires > 1 && ent->expires < expires)
expires = ent->expires;
tor_free(addr_orig);
tor_free(log_addr_orig);
}
log_warn(LD_CONFIG,
"Loop detected: we've rewritten %s 16 times! Using it as-is.",
@ -1162,6 +1163,8 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
/* it's fine to rewrite a rewrite, but don't loop forever */
done:
tor_free(addr_orig);
tor_free(log_addr_orig);
if (exit_source_out)
*exit_source_out = exit_source;
if (expires_out)