[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [sbws/maint-1.1] fix: relaylist: Check exit to all domains/ips

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [sbws/maint-1.1] fix: relaylist: Check exit to all domains/ips
From: juga@xxxxxxxxxxxxxx
Date: Wed, 22 Jul 2020 14:50:20 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 22 Jul 2020 10:50:45 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: juga <juga@xxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit d958915e5a1a2bd7f644ac96dc5aec6961f45d10
Author: juga <juga@xxxxxxxxxx>
Date:   Thu Jul 9 10:31:35 2020 +0000

    fix: relaylist: Check exit to all domains/ips
    
    When an exit policy allows to exit only to some subnet, it is not
    enough to check that it can exit to a port, since it can, but it might
    not be able to exit to the domain/ip of the sbws Web servers.
    To ensure that without having to check whether it can exit to a
    specific domain/ip, we can query the exit policy with `strict`.
    
    Closes #40006. Bugfix v1.0.3.
---
 sbws/lib/relaylist.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 1852199..ab7455e 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -197,7 +197,9 @@ class Relay:
         # Therefore, catch the exception here.
         try:
             if self.exit_policy:
-                return self.exit_policy.can_exit_to(port=port)
+                # Using `strict` to ensure it can exit to ALL domains
+                # and ips and that port. See #40006.
+                return self.exit_policy.can_exit_to(port=port, strict=True)
         except TypeError:
             return False
         return False



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [sbws/maint-1.1] Merge remote-tracking branch 'gitlab/merge-requests/19' into maint-1.1
Next by Author: [tor-commits] [onionperf/master] Add CDF-DL graph.
Previous by thread: [tor-commits] [sbws/maint-1.1] fix: v3bwfile: Count relay priority lists
Next by thread: [tor-commits] [sbws/maint-1.1] Vote on the relays with few or close measurements
Index(es):
- Author
- Thread