From e17e6371d1b2ef034f0860a19e5825cae61600be Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 17 Mar 2008 20:10:57 +0000
Subject: [PATCH]  r18896@catbus:  nickm | 2008-03-17 16:10:54 -0400  Fix bug
 in earlier bugfix.  Note stupidness of allowing NULL policies at all. 
 Disallow empty exit policies in router descriptors.

svn:r14082
---
 doc/spec/dir-spec.txt | 11 ++++++-----
 src/or/policies.c     | 10 ++++------
 src/or/routerparse.c  |  4 ++++
 3 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt
index fe8039bc7d..9b184aeb87 100644
--- a/doc/spec/dir-spec.txt
+++ b/doc/spec/dir-spec.txt
@@ -466,11 +466,12 @@ $Id$
 
        [Any number]
 
-       These lines describe an "exit policy": the rules that an OR follows when
-       deciding whether to allow a new stream to a given address.  The
-       'exitpattern' syntax is described below.  The rules are considered in
-       order; if no rule matches, the address will be accepted.  For clarity,
-       the last such entry SHOULD be accept *:* or reject *:*.
+       These lines describe an "exit policy": the rules that an OR follows
+       when deciding whether to allow a new stream to a given address.  The
+       'exitpattern' syntax is described below.  There MUST be at least one
+       such entry.  The rules are considered in order; if no rule matches,
+       the address will be accepted.  For clarity, the last such entry SHOULD
+       be accept *:* or reject *:*.
 
     "router-signature" NL Signature NL
 
diff --git a/src/or/policies.c b/src/or/policies.c
index 20c1fb9186..cccc72acbb 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -51,7 +51,7 @@ policy_expand_private(smartlist_t **policy)
   int i;
   smartlist_t *tmp;
 
-  if (!*policy)
+  if (!*policy) /*XXXX021 disallow NULL policies */
     return;
 
   tmp = smartlist_create();
@@ -530,10 +530,8 @@ compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
   int match = 0;
   int maybe = 0;
   int i, len;
-  if (!policy)
-    return ADDR_POLICY_REJECTED;
 
-  len = smartlist_len(policy);
+  len = policy ? smartlist_len(policy) : 0;
 
   for (i = 0; i < len; ++i) {
     addr_policy_t *tmpe = smartlist_get(policy, i);
@@ -767,7 +765,7 @@ exit_policy_is_general_exit(smartlist_t *policy)
   static const int ports[] = { 80, 443, 6667 };
   int n_allowed = 0;
   int i;
-  if (!policy)
+  if (!policy) /*XXXX021 disallow NULL policies */
     return 0;
 
   for (i = 0; i < 3; ++i) {
@@ -793,7 +791,7 @@ exit_policy_is_general_exit(smartlist_t *policy)
 int
 policy_is_reject_star(smartlist_t *policy)
 {
-  if (!policy)
+  if (!policy) /*XXXX021 disallow NULL policies */
     return 1;
   SMARTLIST_FOREACH(policy, addr_policy_t *, p, {
     if (p->policy_type == ADDR_POLICY_ACCEPT)
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 1b77d992a3..31b10baf30 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1272,6 +1272,10 @@ router_parse_entry_from_string(const char *s, const char *end,
   }
 
   exit_policy_tokens = find_all_exitpolicy(tokens);
+  if (!smartlist_len(exit_policy_tokens)) {
+    log_warn(LD_DIR, "No exit policy tokens in descriptor.");
+    goto err;
+  }
   SMARTLIST_FOREACH(exit_policy_tokens, directory_token_t *, t,
                     if (router_add_exit_policy(router,t)<0) {
                       log_warn(LD_DIR,"Error in exit policy");