
[PATCH] Add port support to TorBulkExitList.py



Currently, the Tor Bulk Exit List python CGI script only supports
creation of exit lists for port 80. For some services, such as IRC,
port 80 may not be sufficient. Thus, I've done the light lifting and
extended the prior handiwork of ioerror to support creating Bulk
Exit Lists for ports other than port 80. The patch submitted doesn't
expose this functionality outright, but adding a "port" query string
parameter will give access to this feature.

In doing so, I noticed two possible bugs whose fixes are included in
this patch and described below:

@@ -52,7 +53,7 @@
In this section of code, we've determined that the cached file for
the (IP,port) tuple has not expired, so we intend to return the
cached file. Instead, the `parsedExitList` is being read, which
includes every node that has any exit port open. This means that the
first result would be correct, but, until the cache expires,
subsequent requests will return the full list of exit nodes.

@@ -170,10 +171,10 @@
In this section, we are figuring out what the DNSEL result means. If
an exit is allowed for the given (exit,port,IP) tuple, then
127.0.0.2 is returned as an address result. For the question of "is
this an allowed exit?" the deleted logic returns "no" if any DNS
answer entry does not match 127.0.0.2. However, the predicate here
should be "exists" rather than "all". The substitute logic returns
yes if any DNS answer entry matches 127.0.0.2.

Patch attached, comments welcome.

-- 
Marcus Griep
GPG Key ID: 0x070E3F2D
——
https://torproj.xpdm.us
Ακακια את.ψο´, 3°
Index: TorBulkExitList.py
===================================================================
--- TorBulkExitList.py  (revision 19666)
+++ TorBulkExitList.py  (working copy)
@@ -8,9 +8,10 @@
 from mod_python import util

 DNS.ParseResolvConf()
-def bulkCheck(RemoteServerIP):
+def bulkCheck(RemoteServerIP, RemotePort):
     parsedExitList = "/tmp/TorBulkCheck/parsed-exit-list"
-    cacheFile = parsedExitList + "-" + RemoteServerIP + ".cache"
+    cacheFile = parsedExitList + "-" + RemoteServerIP +\
+        "_" + RemotePort + ".cache"
     confirmedExits = []

     # Do we have a fresh exit cache?
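Review bot: RemotePort is concatenated directly into the cacheFile path in the added lines, and the last hunk fills it from the "port" query-string parameter, so a value containing "/" or ".." would name a file outside the intended /tmp/TorBulkCheck/parsed-exit-list-* set. Validate it as a decimal integer in the range 1-65535 before bulkCheck builds the path and reject anything else. Since each distinct accepted port also creates its own cache file per IP, consider whether the set of allowed ports should be bounded.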
@@ -34,7 +35,7 @@
         # the list
         for possibleExit in possibleExits:
             try:
-                if (isUsingTor(possibleExit, RemoteServerIP) == 0 ):
+                if (isUsingTor(possibleExit, RemoteServerIP, RemotePort) == 0 ):
                     confirmedExits.append(possibleExit)
             except:
                 return None
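Review bot: the isUsingTor call now passes three arguments, but no hunk in this patch touches the isUsingTor definition. Please confirm it already accepts the port as a third parameter; if it does not, the call raises TypeError, and the bare "except:" in the context lines below turns that into "return None" for the whole list, hiding the cause. Narrowing that except to the exceptions the lookup is expected to raise would make such a mistake visible.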
@@ -52,7 +53,7 @@

     else:
         # Lets return the cache
-        cachedExits = open(parsedExitList, 'r')
+        cachedExits = open(cacheFile, 'r')
         cachedExitList = cachedExits.readlines()
         return cachedExitList

@@ -170,10 +171,10 @@
             # We're getting unexpected data - fail closed
             return 2
         for a in answer.answers:
-            if a['data'] != "127.0.0.2":
-                return 2
+            if a['data'] == "127.0.0.2":
+                return 0
         # If we're here, we've had a positive exit answer
-        return 0
+        return 2

 def parseAddress(req):
     # Get the ip from apache
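Review bot: the comment kept above the final return, "# If we're here, we've had a positive exit answer", now sits above "return 2" and says the opposite of what the code does. Reword it to say that no answer record matched 127.0.0.2. Because the branch just above is labelled "fail closed", it is also worth noting in a comment that a response mixing 127.0.0.2 with other records now counts as a match, so the change in behaviour is deliberate and documented.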
@@ -199,16 +200,21 @@
     req.content_type = 'text/plain; charset=utf-8'

     RemoteServerIP = parseAddress(req)
-    RemotePort = "80"
+    RemotePort = util.FieldStorage(req).getfirst("port", "80")

     if RemoteServerIP is not None:

         updateCache()
-        TestedExits = bulkCheck(RemoteServerIP)
+        TestedExits = bulkCheck(RemoteServerIP, RemotePort)
         req.write("# This is a list of all Tor exit nodes that can contact " + RemoteServerIP +
         " on Port " + RemotePort + " #\n")
+
+        querystring = "ip=%s" % RemoteServerIP
+       if RemotePort != "80":
+               querystring += "&port=%s" % RemotePort
+
         req.write("# You can update this list by visiting " + \
-        "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=%s #\n" % RemoteServerIP)
+        "https://check.torproject.org/cgi-bin/TorBulkExitList.py?%s #\n" % querystring)

         dateOfAccess = time.asctime(time.gmtime())
         req.write("# This file was generated on %s UTC #\n" % dateOfAccess)
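Review bot: RemotePort comes from getfirst("port", "80") with no validation and is then written into the response comment line, the querystring in the update URL, and (through bulkCheck) the cache file name. Check right after reading it that it is a decimal integer in 1-65535 and return an error otherwise; with that in place the value needs no further escaping where it is echoed. Separately, the two added lines starting "if RemotePort != "80":" and "querystring +=" are indented differently from the "querystring =" assignment above them, which looks like tabs mixed with spaces; re-indent them to match the surrounding eight-space block.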
