
r8877@Kushana: nickm | 2006-09-21 17:12:33 -0400
Consider non-exit servers unsuitable for RESOLVE commands.


svn:r8442

Nick Mathewson 17 years ago
parent
commit
6a1746f98f
6 changed files with 27 additions and 4 deletions
  1. 2 0
      ChangeLog
  2. 1 1
      doc/TODO
  3. 3 3
      src/or/circuituse.c
  4. 4 0
      src/or/connection_edge.c
  5. 1 0
      src/or/or.h
  6. 16 0
      src/or/policies.c

+ 2 - 0
ChangeLog

@@ -11,6 +11,8 @@ Changes in version 0.1.2.2-alpha - 2006-??-??
     - Check for name servers (like Earthlink's) that hijack failing DNS
       requests and replace the 'no such server' answer with a "helpful"
       redirect to an advertising-driven search portal.  [Resolves bug 330.]
+    - When asked to resolve a hostname, don't use non-exit servers.  This
+      allows servers with broken DNS be useful to the network.
 
   o Security Fixes, minor
     - If a client asked for a server by name, and we didn't have a

+ 1 - 1
doc/TODO

@@ -90,7 +90,7 @@ N - DNS improvements
     o Option to deal with broken DNS of the "ggoogle.com? Ah, you meant
       ads.me.com!" variety.
       o Autodetect whether DNS is broken in this way.
-    - Don't ask reject *:* nodes for DNS unless client wants you to.
+    o Don't ask reject *:* nodes for DNS unless client wants you to.
     . Asynchronous DNS
       o Document and rename SearchDomains, ResolvConf options
       D Make API closer to getaddrinfo()

+ 3 - 3
src/or/circuituse.c

@@ -929,9 +929,9 @@ circuit_reset_failure_count(int timeout)
   n_circuit_failures = 0;
 }
 
-/** Find an open circ that we're happy with: return 1. If there isn't
- * one, and there isn't one on the way, launch one and return 0. If it
- * will never work, return -1.
+/** Find an open circ that we're happy to use for <b>conn</b> and return 1. If
+ * there isn't one, and there isn't one on the way, launch one and return
+ * 0. If it will never work, return -1.
  *
  * Write the found or in-progress or launched circ into *circp.
  */

+ 4 - 0
src/or/connection_edge.c

@@ -2082,6 +2082,10 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
                                     exit->exit_policy);
     if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
       return 0;
+  } else {
+    /* Don't send DNS requests to non-exit servers by default. */
+    if (policy_is_reject_star(exit->exit_policy))
+      return 0;
   }
   return 1;
 }
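Review bot: The new `else` branch turns away a reject-*:* router for every non-BEGIN request, although its comment says "by default" and the doc/TODO entry closed by this commit reads "unless client wants you to"; no such exception is visible in these lines. If the client has explicitly named this router as its exit, a resolve would presumably now get 0 for the only router it is allowed to use. Consider gating the test on that case, for example `if (!conn->chosen_exit_name && policy_is_reject_star(exit->exit_policy))`, or reword the comment to say the rule is unconditional. The start of connection_ap_can_use_exit is outside the hunk, so an earlier check may already cover this.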

+ 1 - 0
src/or/or.h

@@ -2269,6 +2269,7 @@ int policies_parse_exit_policy(config_line_t *cfg,
                                addr_policy_t **dest,
                                int rejectprivate);
 int exit_policy_is_general_exit(addr_policy_t *policy);
+int policy_is_reject_star(addr_policy_t *policy);
 int policies_getinfo_helper(const char *question, char **answer);
 
 void addr_policy_free(addr_policy_t *p);

+ 16 - 0
src/or/policies.c

@@ -629,6 +629,22 @@ exit_policy_is_general_exit(addr_policy_t *policy)
   return n_allowed >= 2;
 }
 
+/** Return false if <b>policy</b> might permit access to some addr:port;
+ * otherwise if we are certain it rejects everything, return true. */
+int
+policy_is_reject_star(addr_policy_t *p)
+{
+  for ( ; p; p = p->next) {
+    if (p->policy_type == ADDR_POLICY_ACCEPT)
+      return 0;
+    else if (p->policy_type == ADDR_POLICY_REJECT &&
+             p->prt_min <= 1 && p->prt_max == 65535 &&
+             p->msk == 0)
+      return 1;
+  }
+  return 1;
+}
+
 int
 policies_getinfo_helper(const char *question, char **answer)
 {
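Review bot: The final `return 1` in policy_is_reject_star reports "certainly rejects everything" for a NULL list and for a list that holds only narrow reject rules, that is, for any list that never reaches a reject *:* entry. That is correct only if the policy evaluator also rejects when no rule matches. The evaluator is not in this hunk; if it accepts by default, this helper would classify a permissive router as a non-exit and the new check in connection_ap_can_use_exit would skip it for resolves. Either return 0 on fall-through or state the assumption in the doc comment, e.g. `Assumes a policy in which no rule matches is treated as reject.` The doc comment also refers to `<b>policy</b>` while the parameter is named `p`.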