r15273@tombo: nickm | 2008-04-22 12:32:28 -0400

apply patch from lodger: reject requests for reverse-dns lookup of names in private address space.  make non-exits reject all dns requests.  Fixes bug 619.


svn:r14410
This commit is contained in:
Nick Mathewson 2008-04-22 16:32:55 +00:00
parent 6e979489dc
commit ef9c34688c
2 changed files with 19 additions and 4 deletions

View File

@ -29,6 +29,8 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
nwf, bugfix on 0.2.0.16-alpha.
- Warn less verbosely about clock skew from netinfo cells from
untrusted sources. Fixes bug 663.
- Non-exit relays no longer allow DNS requests. Fixes bug 619.
Patch from Lodger.
o Minor features:
- Allow separate log levels to be configured for different logging
@ -61,7 +63,12 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
descriptors we need to keep around when we're cleaning out old
router descriptors. This speeds up the computation significantly, and
may reduce fragmentation.
- Make dumpstats() log the fullness and size of openssl-internal buffers.
- Make dumpstats() log the fullness and size of openssl-internal
buffers.
o Minor features (security):
- Reject requests for reverse-dns lookup of names in a private
address space. Patch from Lodger.
o Code simplifications and refactoring:
- Refactor code using connection_ap_handshake_attach_circuit() to

View File

@ -549,9 +549,14 @@ dns_resolve(edge_connection_t *exitconn)
or_circuit_t *oncirc = TO_OR_CIRCUIT(exitconn->on_circuit);
int is_resolve, r;
char *hostname = NULL;
routerinfo_t *me = router_get_my_routerinfo();
is_resolve = exitconn->_base.purpose == EXIT_PURPOSE_RESOLVE;
r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname);
if (is_resolve && me &&
policy_is_reject_star(me->exit_policy)) /* non-exit */
r = -1;
else
r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname);
switch (r) {
case 1:
/* We got an answer without a lookup -- either the answer was
@ -660,9 +665,12 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
* .in-addr.arpa address but this isn't a resolve request, kill the
* connection.
*/
if ((r = parse_inaddr_arpa_address(exitconn->_base.address, NULL)) != 0) {
if (r == 1)
if ((r = parse_inaddr_arpa_address(exitconn->_base.address, &in)) != 0) {
if (r == 1) {
is_reverse = 1;
if (is_internal_IP(ntohl(in.s_addr), 0)) /* internal address */
return -1;
}
if (!is_reverse || !is_resolve) {
if (!is_reverse)