[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r17342: {tor} backport r17135: ClientDNSRejectInternalAddresses not consis (in tor/branches/tor-0_2_0-patches: . doc src/or)
Author: arma
Date: 2008-11-20 17:21:31 -0500 (Thu, 20 Nov 2008)
New Revision: 17342
Modified:
tor/branches/tor-0_2_0-patches/ChangeLog
tor/branches/tor-0_2_0-patches/doc/TODO.020
tor/branches/tor-0_2_0-patches/src/or/relay.c
Log:
backport r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog 2008-11-20 22:05:04 UTC (rev 17341)
+++ tor/branches/tor-0_2_0-patches/ChangeLog 2008-11-20 22:21:31 UTC (rev 17342)
@@ -7,6 +7,11 @@
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
+ - The "ClientDNSRejectInternalAddresses" config option wasn't being
+ consistently obeyed: if an exit relay refuses a stream because its
+ exit policy doesn't allow it, we would remember what IP address
+ the relay said the destination address resolves to, even if it's
+ an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
o Major bugfixes:
- Fix a DOS opportunity during the voting signature collection process
Modified: tor/branches/tor-0_2_0-patches/doc/TODO.020
===================================================================
--- tor/branches/tor-0_2_0-patches/doc/TODO.020 2008-11-20 22:05:04 UTC (rev 17341)
+++ tor/branches/tor-0_2_0-patches/doc/TODO.020 2008-11-20 22:21:31 UTC (rev 17342)
@@ -3,7 +3,7 @@
description of the patch.)
Backport for 0.2.0:
- - r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
+ o r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
Backport for 0.2.0 once better tested:
o r16136: prevent circid collision. [Also backport to 0.1.2.x??]
Modified: tor/branches/tor-0_2_0-patches/src/or/relay.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/relay.c 2008-11-20 22:05:04 UTC (rev 17341)
+++ tor/branches/tor-0_2_0-patches/src/or/relay.c 2008-11-20 22:21:31 UTC (rev 17342)
@@ -751,8 +751,11 @@
ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
else
ttl = -1;
- client_dns_set_addressmap(conn->socks_request->address, addr,
- conn->chosen_exit_name, ttl);
+
+ if (!(get_options()->ClientDNSRejectInternalAddresses &&
+ is_internal_IP(addr, 0)))
+ client_dns_set_addressmap(conn->socks_request->address, addr,
+ conn->chosen_exit_name, ttl);
}
/* check if he *ought* to have allowed it */
if (exitrouter &&