r15273@tombo: nickm | 2008-04-22 12:32:28 -0400

apply patch from lodger: reject requests for reverse-dns lookup of names in private address space. make non-exits reject all dns requests. Fixes bug 619. svn:r14410
2024-11-27 22:03:31 +01:00 · 2008-04-22 16:32:55 +00:00 · 2008-04-22 16:32:55 +00:00 · ef9c34688c
commit ef9c34688c
parent 6e979489dc
2 changed files with 19 additions and 4 deletions
--- a/9
+++ b/9
@ -29,6 +29,8 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
      nwf, bugfix on 0.2.0.16-alpha.
    - Warn less verbosely about clock skew from netinfo cells from
      untrusted sources.  Fixes bug 663.
+    - Non-exit relays no longer allow DNS requests.  Fixes bug 619.
+      Patch from Lodger.

  o Minor features:
    - Allow separate log levels to be configured for different logging
@ -61,7 +63,12 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
      descriptors we need to keep around when we're cleaning out old
      router descriptors.  This speeds up the computation significantly, and
      may reduce fragmentation.
-    - Make dumpstats() log the fullness and size of openssl-internal buffers.
+    - Make dumpstats() log the fullness and size of openssl-internal
+      buffers.
+
+  o Minor features (security):
+    - Reject requests for reverse-dns lookup of names in a private
+      address space.  Patch from Lodger.

  o Code simplifications and refactoring:
    - Refactor code using connection_ap_handshake_attach_circuit() to
--- a/src/or/dns.c
+++ b/src/or/dns.c
@ -549,9 +549,14 @@ dns_resolve(edge_connection_t *exitconn)
  or_circuit_t *oncirc = TO_OR_CIRCUIT(exitconn->on_circuit);
  int is_resolve, r;
  char *hostname = NULL;
+  routerinfo_t *me = router_get_my_routerinfo();
  is_resolve = exitconn->_base.purpose == EXIT_PURPOSE_RESOLVE;

-  r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname);
+  if (is_resolve && me &&
+      policy_is_reject_star(me->exit_policy)) /* non-exit */
+    r = -1;
+  else
+    r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname);
  switch (r) {
    case 1:
      /* We got an answer without a lookup -- either the answer was
@ -660,9 +665,12 @@ dns_resolve_impl(edge_connection_t *exitconn, int is_resolve,
   * .in-addr.arpa address but this isn't a resolve request, kill the
   * connection.
   */
-  if ((r = parse_inaddr_arpa_address(exitconn->_base.address, NULL)) != 0) {
-    if (r == 1)
+  if ((r = parse_inaddr_arpa_address(exitconn->_base.address, &in)) != 0) {
+    if (r == 1) {
      is_reverse = 1;
+         if (is_internal_IP(ntohl(in.s_addr), 0)) /* internal address */
+           return -1;
+    }

    if (!is_reverse || !is_resolve) {
      if (!is_reverse)