
[or-cvs] r17342: {tor} backport r17135: ClientDNSRejectInternalAddresses not consis (in tor/branches/tor-0_2_0-patches: . doc src/or)



Author: arma
Date: 2008-11-20 17:21:31 -0500 (Thu, 20 Nov 2008)
New Revision: 17342

Modified:
   tor/branches/tor-0_2_0-patches/ChangeLog
   tor/branches/tor-0_2_0-patches/doc/TODO.020
   tor/branches/tor-0_2_0-patches/src/or/relay.c
Log:
backport r17135: ClientDNSRejectInternalAddresses not consistently obeyed.


Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog	2008-11-20 22:05:04 UTC (rev 17341)
+++ tor/branches/tor-0_2_0-patches/ChangeLog	2008-11-20 22:21:31 UTC (rev 17342)
@@ -7,6 +7,11 @@
       detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
       in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
       and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
+    - The "ClientDNSRejectInternalAddresses" config option wasn't being
+      consistently obeyed: if an exit relay refuses a stream because its
+      exit policy doesn't allow it, we would remember what IP address
+      the relay said the destination address resolves to, even if it's
+      an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
 
   o Major bugfixes:
     - Fix a DOS opportunity during the voting signature collection process
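Review bot: the added ChangeLog entry describes only the old behaviour ("we would remember what IP address the relay said the destination address resolves to") and never says what the client does now. Suggest closing the entry with a short statement of the new behaviour, for example that such an answer is no longer stored when ClientDNSRejectInternalAddresses is set, and keeping the tense consistent ("refused" rather than "refuses" alongside "we would remember").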

Modified: tor/branches/tor-0_2_0-patches/doc/TODO.020
===================================================================
--- tor/branches/tor-0_2_0-patches/doc/TODO.020	2008-11-20 22:05:04 UTC (rev 17341)
+++ tor/branches/tor-0_2_0-patches/doc/TODO.020	2008-11-20 22:21:31 UTC (rev 17342)
@@ -3,7 +3,7 @@
 description of the patch.)
 
 Backport for 0.2.0:
-  - r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
+  o r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
 
 Backport for 0.2.0 once better tested:
   o r16136: prevent circid collision.  [Also backport to 0.1.2.x??]

Modified: tor/branches/tor-0_2_0-patches/src/or/relay.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/relay.c	2008-11-20 22:05:04 UTC (rev 17341)
+++ tor/branches/tor-0_2_0-patches/src/or/relay.c	2008-11-20 22:21:31 UTC (rev 17342)
@@ -751,8 +751,11 @@
             ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
           else
             ttl = -1;
-          client_dns_set_addressmap(conn->socks_request->address, addr,
-                                    conn->chosen_exit_name, ttl);
+
+          if (!(get_options()->ClientDNSRejectInternalAddresses &&
+                                           is_internal_IP(addr, 0)))
+            client_dns_set_addressmap(conn->socks_request->address, addr,
+                                      conn->chosen_exit_name, ttl);
         }
         /* check if he *ought* to have allowed it */
         if (exitrouter &&
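Review bot: the new `if` guarding client_dns_set_addressmap() discards an internal answer silently, with no log message and no comment saying why the mapping is skipped. A relay that reports an internal address when refusing a stream therefore leaves no trace on the client side, which makes this hard to notice or debug. Suggest an else branch that logs at info level, naming conn->chosen_exit_name, plus a one-line comment above the condition tying it to ClientDNSRejectInternalAddresses. The literal 0 passed as the second argument of is_internal_IP(addr, 0) is also unexplained at the call site, and the continuation line `is_internal_IP(addr, 0)))` is indented well past the opening parenthesis it belongs to; aligning it under get_options() would read more clearly.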