backport r17135: ClientDNSRejectInternalAddresses not consistently obeyed.

svn:r17342

ChangeLog

@@ -7,6 +7,11 @@ Changes in version 0.2.0.32 - 2008-??-??
       detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
       in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
       and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
+    - The "ClientDNSRejectInternalAddresses" config option wasn't being
+      consistently obeyed: if an exit relay refuses a stream because its
+      exit policy doesn't allow it, we would remember what IP address
+      the relay said the destination address resolves to, even if it's
+      an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
 
   o Major bugfixes:
     - Fix a DOS opportunity during the voting signature collection process

doc/TODO.020

@@ -3,7 +3,7 @@
 description of the patch.)
 
 Backport for 0.2.0:
-  - r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
+  o r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
 
 Backport for 0.2.0 once better tested:
   o r16136: prevent circid collision.  [Also backport to 0.1.2.x??]

src/or/relay.c

@@ -751,8 +751,11 @@ connection_edge_process_end_not_open(
             ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
           else
             ttl = -1;
-          client_dns_set_addressmap(conn->socks_request->address, addr,
-                                    conn->chosen_exit_name, ttl);
+
+          if (!(get_options()->ClientDNSRejectInternalAddresses &&
+                                           is_internal_IP(addr, 0)))
+            client_dns_set_addressmap(conn->socks_request->address, addr,
+                                      conn->chosen_exit_name, ttl);
         }
         /* check if he *ought* to have allowed it */
         if (exitrouter &&