(Backport to 0.2.0 branch) Patch from roger for 752, but with more comments: When we get an A.B.exit:P address, and B would reject most connections to P, but we do not know whether it would allow A, then allow the connection to procede. Bugfix, amusingly, on 0.0.9rc5.
svn:r16945
This commit is contained in:
parent
9d296f7701
commit
b9ea49103a
|
@ -5,7 +5,12 @@ Changes in version 0.2.0.32 - 2008-??-??
|
|||
correctly. (Found by Riastradh.)
|
||||
- Avoid a bug where the FistFirstHopPK 0 option would keep Tor from
|
||||
bootstrapping with tunneled directory connections. Bugfix on
|
||||
0.1.2.5-alpha. Fixes bug 797.
|
||||
0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
|
||||
- When asked to connect to A.B.exit:80, if we don't know the IP for A
|
||||
and we know that server B most-but-not all connections to port 80,
|
||||
we would previously reject the connection. Now, we assume the user
|
||||
knows what they were asking for. Fixes bug 752. Bugfix on 0.0.9rc5.
|
||||
Diagnosed by BarkerJr.
|
||||
|
||||
|
||||
Changes in version 0.2.0.31 - 2008-09-03
|
||||
|
|
|
@ -2807,8 +2807,12 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
|
|||
addr = ntohl(in.s_addr);
|
||||
r = compare_addr_to_addr_policy(addr, conn->socks_request->port,
|
||||
exit->exit_policy);
|
||||
if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
|
||||
return 0;
|
||||
if (r == ADDR_POLICY_REJECTED)
|
||||
return 0; /* We know the address, and the exit policy rejects it. */
|
||||
if (r == ADDR_POLICY_PROBABLY_REJECTED && !conn->chosen_exit_name)
|
||||
return 0; /* We don't know the addr, but the exit policy rejects most
|
||||
* addresses with this port. Since the user didn't ask for
|
||||
* this node, err on the side of caution. */
|
||||
} else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
|
||||
/* Can't support reverse lookups without eventdns. */
|
||||
if (conn->socks_request->command == SOCKS_COMMAND_RESOLVE_PTR &&
|
||||
|
|
Loading…
Reference in New Issue