[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r14108: Backport: Fix the other lingering part of bug 617: make Clie (in tor/branches/tor-0_2_0-patches: . src/or)
Author: nickm
Date: 2008-03-18 14:51:42 -0400 (Tue, 18 Mar 2008)
New Revision: 14108
Modified:
   tor/branches/tor-0_2_0-patches/
   tor/branches/tor-0_2_0-patches/ChangeLog
   tor/branches/tor-0_2_0-patches/src/or/connection_edge.c
   tor/branches/tor-0_2_0-patches/src/or/dns.c
   tor/branches/tor-0_2_0-patches/src/or/or.h
Log:
 r18938@catbus:  nickm | 2008-03-18 14:51:30 -0400
 Backport: Fix the other lingering part of bug 617: make ClientDNSRejectInternalAddresses actually work.
Property changes on: tor/branches/tor-0_2_0-patches
___________________________________________________________________
 svk:merge ticket from /tor/020 [r18938] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog	2008-03-18 18:51:34 UTC (rev 14107)
+++ tor/branches/tor-0_2_0-patches/ChangeLog	2008-03-18 18:51:42 UTC (rev 14108)
@@ -46,6 +46,9 @@
     - Make sure that the "NULL-means-reject *:*" convention is followed by
       all the policy manipulation functions, avoiding some possible crash
       bugs. Bug found by lodger. Bugfix on 0.2.0.16-alpha.
+    - Fix the implementation of ClientDNSRejectInternalAddresses so that it
+      actually works, and doesn't warn about every single reverse lookup.
+      Fixes the other part of bug 617.  Bugfix on 0.2.0.1-alpha.
 
   o Minor features:
     - Only log guard node status when guard node status has changed.
Modified: tor/branches/tor-0_2_0-patches/src/or/connection_edge.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/connection_edge.c	2008-03-18 18:51:34 UTC (rev 14107)
+++ tor/branches/tor-0_2_0-patches/src/or/connection_edge.c	2008-03-18 18:51:42 UTC (rev 14108)
@@ -1328,8 +1328,17 @@
     if (options->ClientDNSRejectInternalAddresses) {
       /* Don't let people try to do a reverse lookup on 10.0.0.1. */
       tor_addr_t addr;
-      if (tor_addr_from_str(&addr, socks->address) >= 0 &&
-          tor_addr_is_internal(&addr, 0)) {
+      struct in_addr in;
+      int ok;
+      if (!strcasecmpend(socks->address, ".in-addr.arpa"))
+        ok = !parse_inaddr_arpa_address(socks->address, &in);
+      else
+        ok = tor_inet_aton(socks->address, &in);
+      /*XXXX021 make this a function. */
+      addr.family = AF_INET;
+      memcpy(&addr.addr.in_addr, &in, sizeof(struct in_addr));
+
+      if (ok && tor_addr_is_internal(&addr, 0)) {
         connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_ERROR,
                                                0, NULL, -1, TIME_MAX);
         connection_mark_unattached_ap(conn,
Modified: tor/branches/tor-0_2_0-patches/src/or/dns.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/dns.c	2008-03-18 18:51:34 UTC (rev 14107)
+++ tor/branches/tor-0_2_0-patches/src/or/dns.c	2008-03-18 18:51:42 UTC (rev 14108)
@@ -481,7 +481,8 @@
  * parse it and place the address in <b>in</b> if present. Return 1 on success;
  * 0 if the address is not in in-addr.arpa format, and -1 if the address is
  * malformed. */
-static int
+/* XXXX021 move this to util.c. */
+int
 parse_inaddr_arpa_address(const char *address, struct in_addr *in)
 {
   char buf[INET_NTOA_BUF_LEN];
Modified: tor/branches/tor-0_2_0-patches/src/or/or.h
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/or.h	2008-03-18 18:51:34 UTC (rev 14107)
+++ tor/branches/tor-0_2_0-patches/src/or/or.h	2008-03-18 18:51:42 UTC (rev 14108)
@@ -3235,6 +3235,7 @@
 void dns_launch_correctness_checks(void);
 int dns_seems_to_be_broken(void);
 void dns_reset_correctness_checks(void);
+int parse_inaddr_arpa_address(const char *address, struct in_addr *in);
 
 /********************************* dnsserv.c ************************/