|
|
@@ -1893,7 +1893,7 @@ options_validate(or_options_t *old_options, or_options_t *options)
|
|
|
"LongLivedPorts") < 0)
|
|
|
result = -1;
|
|
|
|
|
|
- if (options->FascistFirewall) {
|
|
|
+ if (options->FascistFirewall && !options->ReachableAddresses) {
|
|
|
smartlist_t *instead = smartlist_create();
|
|
|
config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
|
|
|
new_line->key = tor_strdup("ReachableAddresses");
|
|
|
@@ -1915,7 +1915,6 @@ options_validate(or_options_t *old_options, or_options_t *options)
|
|
|
new_line->value = smartlist_join_strings(instead,",",0,NULL);
|
|
|
/* These have been deprecated since 0.1.1.5-alpha-cvs */
|
|
|
log(LOG_NOTICE, LD_CONFIG, "Converting FascistFirewall and FirewallPorts config options to new format: \"ReachableAddresses %s\"", new_line->value);
|
|
|
- new_line->next = options->ReachableAddresses;
|
|
|
options->ReachableAddresses = new_line;
|
|
|
SMARTLIST_FOREACH(instead, char *, cp, tor_free(cp));
|
|
|
smartlist_free(instead);
|
|
|
@@ -1924,12 +1923,17 @@ options_validate(or_options_t *old_options, or_options_t *options)
|
|
|
if (options->ReachableAddresses) {
|
|
|
/* We need to end with a reject *:*, not an implicit accept *:* */
|
|
|
config_line_t **linep = &options->ReachableAddresses;
|
|
|
- while (*linep) {
|
|
|
+ for(;;) {
|
|
|
+ if (!strcmp((*linep)->value, "reject *:*")) /* already there */
|
|
|
+ break;
|
|
|
linep = &((*linep)->next);
|
|
|
+ if (!*linep) {
|
|
|
+ *linep = tor_malloc_zero(sizeof(config_line_t));
|
|
|
+ (*linep)->key = tor_strdup("ReachableAddresses");
|
|
|
+ (*linep)->value = tor_strdup("reject *:*");
|
|
|
+ break;
|
|
|
+ }
|
|
|
}
|
|
|
- *linep = tor_malloc_zero(sizeof(config_line_t));
|
|
|
- (*linep)->key = tor_strdup("ReachableAddresses");
|
|
|
- (*linep)->value = tor_strdup("reject *:*");
|
|
|
}
|
|
|
|
|
|
options->_AllowUnverified = 0;
|
Roger Dingledine