[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] fix an assert: check the sockspolicy before we make/add the...

Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or

Modified Files:
	connection.c 
Log Message:
fix an assert: check the sockspolicy before we make/add the connection,
else we close a connection without assigning it a state, which is bad
because it fails assert_conn_ok()


Index: connection.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection.c,v
retrieving revision 1.244
retrieving revision 1.245
diff -u -d -r1.244 -r1.245
--- connection.c	20 Jul 2004 23:31:00 -0000	1.244
+++ connection.c	6 Aug 2004 09:56:36 -0000	1.245
@@ -412,6 +412,17 @@
 
   set_socket_nonblocking(news);
 
+  /* process entrance policies here, before we even create the connection */
+  if(new_type == CONN_TYPE_AP) {
+    /* check sockspolicy to see if we should accept it */
+    if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
+      log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.",
+             inet_ntoa(remote.sin_addr));
+      tor_close_socket(news);
+      return 0;
+    }
+  }
+
   newconn = connection_new(new_type);
   newconn->s = news;
 
@@ -442,11 +453,6 @@
     case CONN_TYPE_OR:
       return connection_tls_start_handshake(conn, 1);
     case CONN_TYPE_AP:
-      /* check sockspolicy to see if we should accept it */
-      if(socks_policy_permits_address(conn->addr) == 0) {
-        log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address);
-        return -1;
-      }
       conn->state = AP_CONN_STATE_SOCKS_WAIT;
       break;
     case CONN_TYPE_DIR: