[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r17139: {tor} Fix another case of refusing to use a chosen exit node becau (in tor/trunk: . src/or)



Author: nickm
Date: 2008-10-21 13:09:04 -0400 (Tue, 21 Oct 2008)
New Revision: 17139

Modified:
   tor/trunk/ChangeLog
   tor/trunk/src/or/circuituse.c
Log:
Fix another case of refusing to use a chosen exit node because we think it will reject _mostly_ everything.  Based on patch from rovv.  See bug 752.

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-10-21 16:51:59 UTC (rev 17138)
+++ tor/trunk/ChangeLog	2008-10-21 17:09:04 UTC (rev 17139)
@@ -34,6 +34,9 @@
     - If a broken client asks a non-exit router to connect somewhere,
       do not even do the DNS lookup before rejecting the connection.
       Fixes another case of bug 619.  Patch from rovv.
+    - Fix another case of assuming, when a specific exit is requested,
+      that we know more than the user about what hosts it allows.
+      Fixes another case of bug 752.  Patch from rovv.
 
 
 Changes in version 0.2.1.6-alpha - 2008-09-30

Modified: tor/trunk/src/or/circuituse.c
===================================================================
--- tor/trunk/src/or/circuituse.c	2008-10-21 16:51:59 UTC (rev 17138)
+++ tor/trunk/src/or/circuituse.c	2008-10-21 17:09:04 UTC (rev 17139)
@@ -1069,17 +1069,38 @@
 
   /* Do we need to check exit policy? */
   if (check_exit_policy) {
-    struct in_addr in;
-    uint32_t addr = 0;
-    if (tor_inet_aton(conn->socks_request->address, &in))
-      addr = ntohl(in.s_addr);
-    if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
-                                              need_uptime)) {
-      log_notice(LD_APP,
-                 "No Tor server exists that allows exit to %s:%d. Rejecting.",
-                 safe_str(conn->socks_request->address),
-                 conn->socks_request->port);
-      return -1;
+    if (!conn->chosen_exit_name) {
+      struct in_addr in;
+      uint32_t addr = 0;
+      if (tor_inet_aton(conn->socks_request->address, &in))
+        addr = ntohl(in.s_addr);
+      if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
+                                                need_uptime)) {
+        log_notice(LD_APP,
+                   "No Tor server exists that allows exit to %s:%d. Rejecting.",
+                   safe_str(conn->socks_request->address),
+                   conn->socks_request->port);
+        return -1;
+      }
+    } else {
+      /* XXXX021 Duplicates checks in connection_ap_handshake_attach_circuit
+       * XXXX021 Fix this, then backport it? */
+      routerinfo_t *router = router_get_by_nickname(conn->chosen_exit_name, 1);
+      int opt = conn->_base.chosen_exit_optional;
+      if (router && !connection_ap_can_use_exit(conn, router)) {
+        log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
+               "Requested exit point '%s' would refuse request. %s.",
+               conn->chosen_exit_name, opt ? "Trying others" : "Closing");
+        if (opt) {
+          conn->_base.chosen_exit_optional = 0;
+          tor_free(conn->chosen_exit_name);
+          /* Try again. */
+          return circuit_get_open_circ_or_launch(conn,
+                                                 desired_circuit_purpose,
+                                                 circp);
+        }
+        return -1;
+      }
     }
   }