Merge remote-tracking branch 'teor/exitpolicy-multicast'

changes/bug17763

@@ -0,0 +1,5 @@
+  o Minor bug fixes (exit policies):
+    - Consistently ignore multicast addresses when automatically
+      generating reject private exit policies.
+      Closes ticket 17763. Bug fix on 10a6390deb3c9,
+      not in any released version of Tor. Patch by "teor".

src/common/address.c

@@ -1528,7 +1528,7 @@ get_interface_addresses_raw,(int severity))
 }
 
 /** Return true iff <b>a</b> is a multicast address.  */
-STATIC int
+int
 tor_addr_is_multicast(const tor_addr_t *a)
 {
   sa_family_t family = tor_addr_family(a);

src/common/address.h

@@ -221,6 +221,7 @@ int tor_addr_is_internal_(const tor_addr_t *ip, int for_listening,
                           const char *filename, int lineno);
 #define tor_addr_is_internal(addr, for_listening) \
   tor_addr_is_internal_((addr), (for_listening), SHORT_FILE__, __LINE__)
+int tor_addr_is_multicast(const tor_addr_t *a);
 
 /** Longest length that can be required for a reverse lookup name. */
 /* 32 nybbles, 32 dots, 8 characters of "ip6.arpa", 1 NUL: 73 characters. */
@@ -311,7 +312,6 @@ tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port);
 
 #ifdef ADDRESS_PRIVATE
 MOCK_DECL(smartlist_t *,get_interface_addresses_raw,(int severity));
-STATIC int tor_addr_is_multicast(const tor_addr_t *a);
 MOCK_DECL(int,get_interface_address6_via_udp_socket_hack,(int severity,
                                                           sa_family_t family,
                                                           tor_addr_t *addr));

src/or/policies.c

@@ -907,7 +907,8 @@ addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
 static int
 tor_addr_is_public_for_reject(const tor_addr_t *addr)
 {
-  return !tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0);
+  return (!tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0)
+          && !tor_addr_is_multicast(addr));
 }
 
 /* Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed.