Patch from roger for 752, but with more comments: When we get an A.B.exit:P address, and B would reject most connections to P, but we do not know whether it would allow A, then allow the connection to proceed. Bugfix, amusingly, on 0.0.9rc5.

svn:r16944
Nick Mathewson 2008-09-23 20:25:01 +00:00
parent 545b317e1f
commit 75977fd79b
2 changed files with 12 additions and 3 deletions

@ -35,7 +35,12 @@ Changes in version 0.2.1.6-alpha - 2008-09-xx
still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
- Avoid a bug where the FistFirstHopPK 0 option would keep Tor from
bootstrapping with tunneled directory connections. Bugfix on
0.1.2.5-alpha. Fixes bug 797.
0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
- When asked to connect to A.B.exit:80, if we don't know the IP for A
and we know that server B most-but-not all connections to port 80,
we would previously reject the connection. Now, we assume the user
knows what they were asking for. Fixes bug 752. Bugfix on 0.0.9rc5.
Diagnosed by BarkerJr.
o Minor features:
- Update to the "September 1 2008" ip-to-country file.

@ -2857,8 +2857,12 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
addr = ntohl(in.s_addr);
r = compare_addr_to_addr_policy(addr, conn->socks_request->port,
exit->exit_policy);
if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
return 0;
if (r == ADDR_POLICY_REJECTED)
return 0; /* We know the address, and the exit policy rejects it. */
if (r == ADDR_POLICY_PROBABLY_REJECTED && !conn->chosen_exit_name)
return 0; /* We don't know the addr, but the exit policy rejects most
* addresses with this port. Since the user didn't ask for
* this node, err on the side of caution. */
} else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
/* Can't support reverse lookups without eventdns. */
if (conn->socks_request->command == SOCKS_COMMAND_RESOLVE_PTR &&
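
Review bot: The relaxed check on the ADDR_POLICY_PROBABLY_REJECTED line tests only that conn->chosen_exit_name is set, while its comment reasons that "the user didn't ask for this node". Nothing in the visible lines ties chosen_exit_name to the exit argument, so please confirm that an earlier check in connection_ap_can_use_exit() already returns 0 when exit is not the node named in chosen_exit_name, and say so in the comment; otherwise a stream with any .exit name set would skip the caution for every candidate exit. The fall-through case also deserves its own comment: when chosen_exit_name is set and the result is PROBABLY_REJECTED, the function now proceeds even though the exit's policy rejects most addresses on this port, and a reader has to infer that from the negated condition.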