backport r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
svn:r17342
This commit is contained in:
parent
6489570b89
commit
411de1fc79
|
@ -7,6 +7,11 @@ Changes in version 0.2.0.32 - 2008-??-??
|
||||||
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
|
detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
|
||||||
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
|
in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
|
||||||
and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
|
and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
|
||||||
|
- The "ClientDNSRejectInternalAddresses" config option wasn't being
|
||||||
|
consistently obeyed: if an exit relay refuses a stream because its
|
||||||
|
exit policy doesn't allow it, we would remember what IP address
|
||||||
|
the relay said the destination address resolves to, even if it's
|
||||||
|
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
|
||||||
|
|
||||||
o Major bugfixes:
|
o Major bugfixes:
|
||||||
- Fix a DOS opportunity during the voting signature collection process
|
- Fix a DOS opportunity during the voting signature collection process
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
description of the patch.)
|
description of the patch.)
|
||||||
|
|
||||||
Backport for 0.2.0:
|
Backport for 0.2.0:
|
||||||
- r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
|
o r17135: ClientDNSRejectInternalAddresses not consistently obeyed.
|
||||||
|
|
||||||
Backport for 0.2.0 once better tested:
|
Backport for 0.2.0 once better tested:
|
||||||
o r16136: prevent circid collision. [Also backport to 0.1.2.x??]
|
o r16136: prevent circid collision. [Also backport to 0.1.2.x??]
|
||||||
|
|
|
@ -751,8 +751,11 @@ connection_edge_process_end_not_open(
|
||||||
ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
|
ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
|
||||||
else
|
else
|
||||||
ttl = -1;
|
ttl = -1;
|
||||||
client_dns_set_addressmap(conn->socks_request->address, addr,
|
|
||||||
conn->chosen_exit_name, ttl);
|
if (!(get_options()->ClientDNSRejectInternalAddresses &&
|
||||||
|
is_internal_IP(addr, 0)))
|
||||||
|
client_dns_set_addressmap(conn->socks_request->address, addr,
|
||||||
|
conn->chosen_exit_name, ttl);
|
||||||
}
|
}
|
||||||
/* check if he *ought* to have allowed it */
|
/* check if he *ought* to have allowed it */
|
||||||
if (exitrouter &&
|
if (exitrouter &&
|
||||||
|
|
Loading…
Reference in New Issue