nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-12-01 08:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't let bad DNS make exit policy and declared exit policy get out of sync

Browse Source 
Patch from "postman" on trac. Fixes bg 2366. Bug on 0.1.2.5-alpha.
This commit is contained in:
Nick Mathewson 2011-02-22 14:06:28 -05:00
parent 9d5873cdae
commit cdc59c198a
4 changed files with 26 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
changes/bug2366 Normal file
View File

@ -0,0 +1,8 @@
o Minor bugfixes
- When a relay decides that its DNS is too broken for it to serve
as an exit server, it advertised itself as a non-exit, but
continued to act as an exit. This could create accidental
partitioning opportunities for users. Instead, if a relay is
going to advertise reject *:* as its exit policy, it should
really act with exit policy "reject *:*". Fixes bug 2366.
Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac.

8
src/or/policies.c
View File

@ -858,6 +858,14 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
return 0; return 0;
} }
/** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
* *<b>dest</b> as needed. */
void
policies_exit_policy_append_reject_star(smartlist_t **dest)
{
append_exit_policy_string(dest, "reject *:*");
}
/** Replace the exit policy of <b>r</b> with reject *:*. */ /** Replace the exit policy of <b>r</b> with reject *:*. */
void void
policies_set_router_exitpolicy_to_reject_all(routerinfo_t *r) policies_set_router_exitpolicy_to_reject_all(routerinfo_t *r)

1
src/or/policies.h
View File

@ -41,6 +41,7 @@ addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
int rejectprivate, const char *local_address, int rejectprivate, const char *local_address,
int add_default_policy); int add_default_policy);
void policies_exit_policy_append_reject_star(smartlist_t **dest);
void policies_set_router_exitpolicy_to_reject_all(routerinfo_t *exitrouter); void policies_set_router_exitpolicy_to_reject_all(routerinfo_t *exitrouter);
int exit_policy_is_general_exit(smartlist_t *policy); int exit_policy_is_general_exit(smartlist_t *policy);
int policy_is_reject_star(const smartlist_t *policy); int policy_is_reject_star(const smartlist_t *policy);

15
src/or/router.c
View File

@ -1410,9 +1410,14 @@ router_rebuild_descriptor(int force)
ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess(); ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess();
policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy, if (dns_seems_to_be_broken() || has_dns_init_failed()) {
options->ExitPolicyRejectPrivate, /* DNS is screwed up; don't claim to be an exit. */
ri->address, !options->BridgeRelay); policies_exit_policy_append_reject_star(&ri->exit_policy);
} else {
policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
options->ExitPolicyRejectPrivate,
ri->address, !options->BridgeRelay);
}
ri->policy_is_reject_star = ri->policy_is_reject_star =
policy_is_reject_star(ri->exit_policy); policy_is_reject_star(ri->exit_policy);
@ -1866,9 +1871,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
} }
/* Write the exit policy to the end of 's'. */ /* Write the exit policy to the end of 's'. */
if (dns_seems_to_be_broken() || has_dns_init_failed() || if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
!router->exit_policy || !smartlist_len(router->exit_policy)) {
/* DNS is screwed up; don't claim to be an exit. */
strlcat(s+written, "reject *:*\n", maxlen-written); strlcat(s+written, "reject *:*\n", maxlen-written);
written += strlen("reject *:*\n"); written += strlen("reject *:*\n");
tmpe = NULL; tmpe = NULL;