backport r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
svn:r17342
This commit is contained in:
parent
6489570b89
commit
411de1fc79
|
@ -7,6 +7,11 @@ Changes in version 0.2.0.32 - 2008-??-??
|
|||
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
|
||||
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
|
||||
and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
|
||||
- The "ClientDNSRejectInternalAddresses" config option wasn't being
|
||||
consistently obeyed: if an exit relay refuses a stream because its
|
||||
exit policy doesn't allow it, we would remember what IP address
|
||||
the relay said the destination address resolves to, even if it's
|
||||
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
|
||||
|
||||
o Major bugfixes:
|
||||
- Fix a DOS opportunity during the voting signature collection process
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
description of the patch.)
|
||||
|
||||
Backport for 0.2.0:
|
||||
- r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
|
||||
o r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
|
||||
|
||||
Backport for 0.2.0 once better tested:
|
||||
o r16136: prevent circid collision. [Also backport to 0.1.2.x??]
|
||||
|
|
|
@ -751,8 +751,11 @@ connection_edge_process_end_not_open(
|
|||
ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
|
||||
else
|
||||
ttl = -1;
|
||||
client_dns_set_addressmap(conn->socks_request->address, addr,
|
||||
conn->chosen_exit_name, ttl);
|
||||
|
||||
if (!(get_options()->ClientDNSRejectInternalAddresses &&
|
||||
is_internal_IP(addr, 0)))
|
||||
client_dns_set_addressmap(conn->socks_request->address, addr,
|
||||
conn->chosen_exit_name, ttl);
|
||||
}
|
||||
/* check if he *ought* to have allowed it */
|
||||
if (exitrouter &&
|
||||
|
|
Loading…
Reference in New Issue