[or-cvs] r9505: Only rewrite a conn's address based on X-Forwarded-For: head (in tor/trunk: . src/or)
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] r9505: Only rewrite a conn's address based on X-Forwarded-For: head (in tor/trunk: . src/or)
- From: arma@xxxxxxxx
- Date: Tue,  6 Feb 2007 22:40:12 -0500 (EST)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Tue, 06 Feb 2007 22:40:32 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Author: arma
Date: 2007-02-06 22:40:06 -0500 (Tue, 06 Feb 2007)
New Revision: 9505
Modified:
   tor/trunk/ChangeLog
   tor/trunk/src/or/directory.c
Log:
Only rewrite a conn's address based on X-Forwarded-For: headers
if it's a parseable public IP address; and stop adding extra quotes
to the resulting address.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-02-07 02:55:34 UTC (rev 9504)
+++ tor/trunk/ChangeLog	2007-02-07 03:40:06 UTC (rev 9505)
@@ -79,6 +79,9 @@
     - Call stat() slightly less often; use fstat() when possible.
     - Refactor the way we handle pending circuits when an OR connection
       completes or fails, in an attempt to fix a rare crash bug.
+    - Only rewrite a conn's address based on X-Forwarded-For: headers
+      if it's a parseable public IP address; and stop adding extra quotes
+      to the resulting address.
 
   o Major features:
     - Weight directory requests by advertised bandwidth. Now we can
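Review bot: The added entry says "a conn's address" without naming the connection type. The code change is in directory.c, so "a directory connection's address" would tell ChangeLog readers which requests are affected. It is also worth stating the new fallback behaviour: when the header does not pass the check, it is ignored and the connection keeps the address it already had.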
Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c	2007-02-07 02:55:34 UTC (rev 9504)
+++ tor/trunk/src/or/directory.c	2007-02-07 03:40:06 UTC (rev 9505)
@@ -708,8 +708,14 @@
   if (!fwd)
     fwd = http_get_header(headers, "X-Forwarded-For: ");
   if (fwd) {
+    struct in_addr in;
+    if (!tor_inet_aton(fwd, &in) || is_internal_IP(ntohl(in.s_addr), 0)) {
+      log_debug(LD_DIR, "Ignoring unrecognized or internal IP '%s'", fwd);
+      tor_free(fwd);
+      return;
+    }
     tor_free(conn->address);
-    conn->address = tor_strdup(escaped(fwd));
+    conn->address = tor_strdup(fwd);
     tor_free(fwd);
   }
 }
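Review bot: In the new reject branch, log_debug(LD_DIR, "Ignoring unrecognized or internal IP '%s'", fwd) prints the header value raw, and this is the one path where fwd is known not to be a clean address. Keep escaped() there, i.e. log escaped(fwd), so peer-supplied bytes cannot put control characters or fake lines into the log. Dropping escaped() on the accepted path is only safe if tor_inet_aton() rejects any string with characters beyond a dotted quad, so a short comment stating that assumption next to conn->address = tor_strdup(fwd) would help. Also note that an X-Forwarded-For value carrying a comma-separated list of addresses will now fail the parse and be ignored as a whole; if that is intended, say so in the comment. Finally, nothing in the visible lines checks that the request arrived through a trusted front-end, so any peer can still supply an arbitrary public address here; conn->address should be treated as advisory wherever it is used later.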