nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

r18896@catbus: nickm | 2008-03-17 16:10:54 -0400

Browse Source 
Fix bug in earlier bugfix.  Note stupidness of allowing NULL policies at all.  Disallow empty exit policies in router descriptors.


svn:r14082
This commit is contained in:
Nick Mathewson 2008-03-17 20:10:57 +00:00
parent 80ec9e51dd
commit e17e6371d1
3 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/spec/dir-spec.txt
View File

@ -466,11 +466,12 @@ $Id$
[Any number]
These lines describe an "exit policy": the rules that an OR follows when
deciding whether to allow a new stream to a given address. The
'exitpattern' syntax is described below. The rules are considered in
order; if no rule matches, the address will be accepted. For clarity,
the last such entry SHOULD be accept *:* or reject *:*.
These lines describe an "exit policy": the rules that an OR follows
when deciding whether to allow a new stream to a given address. The
'exitpattern' syntax is described below. There MUST be at least one
such entry. The rules are considered in order; if no rule matches,
the address will be accepted. For clarity, the last such entry SHOULD
be accept *:* or reject *:*.
"router-signature" NL Signature NL

10
src/or/policies.c
View File

@ -51,7 +51,7 @@ policy_expand_private(smartlist_t **policy)
int i;
smartlist_t *tmp;
if (!*policy)
if (!*policy) /*XXXX021 disallow NULL policies */
return;
tmp = smartlist_create();
@ -530,10 +530,8 @@ compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
int match = 0;
int maybe = 0;
int i, len;
if (!policy)
return ADDR_POLICY_REJECTED;
len = smartlist_len(policy);
len = policy ? smartlist_len(policy) : 0;
for (i = 0; i < len; ++i) {
addr_policy_t *tmpe = smartlist_get(policy, i);
@ -767,7 +765,7 @@ exit_policy_is_general_exit(smartlist_t *policy)
static const int ports[] = { 80, 443, 6667 };
int n_allowed = 0;
int i;
if (!policy)
if (!policy) /*XXXX021 disallow NULL policies */
return 0;
for (i = 0; i < 3; ++i) {
@ -793,7 +791,7 @@ exit_policy_is_general_exit(smartlist_t *policy)
int
policy_is_reject_star(smartlist_t *policy)
{
if (!policy)
if (!policy) /*XXXX021 disallow NULL policies */
return 1;
SMARTLIST_FOREACH(policy, addr_policy_t *, p, {
if (p->policy_type == ADDR_POLICY_ACCEPT)

4
src/or/routerparse.c
View File

@ -1272,6 +1272,10 @@ router_parse_entry_from_string(const char *s, const char *end,
}
exit_policy_tokens = find_all_exitpolicy(tokens);
if (!smartlist_len(exit_policy_tokens)) {
log_warn(LD_DIR, "No exit policy tokens in descriptor.");
goto err;
}
SMARTLIST_FOREACH(exit_policy_tokens, directory_token_t *, t,
if (router_add_exit_policy(router,t)<0) {
log_warn(LD_DIR,"Error in exit policy");