|
@@ -1119,25 +1119,22 @@ policies_parse_exit_policy_reject_private(
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
-#define DEFAULT_EXIT_POLICY \
|
|
|
|
- "reject *:25,reject *:119,reject *:135-139,reject *:445," \
|
|
|
|
- "reject *:563,reject *:1214,reject *:4661-4666," \
|
|
|
|
- "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
|
|
|
|
-
|
|
|
|
/**
|
|
/**
|
|
- * Iterates through *<b>dest</b> and logs a warning with first
|
|
|
|
|
|
+ * Iterates through <b>dest</b> and logs a warning with first
|
|
* redundant entry if found
|
|
* redundant entry if found
|
|
*/
|
|
*/
|
|
-static void
|
|
|
|
-policies_log_first_redundant_entry(smartlist_t** dest) {
|
|
|
|
|
|
+static void
|
|
|
|
+policies_log_first_redundant_entry(const smartlist_t* dest)
|
|
|
|
+{
|
|
int found_final_effective_entry = 0;
|
|
int found_final_effective_entry = 0;
|
|
int first_redundant_entry = 0;
|
|
int first_redundant_entry = 0;
|
|
- for (int i = 0; i < smartlist_len(*dest); ++i) {
|
|
|
|
|
|
+ tor_assert(dest);
|
|
|
|
+ for (int i = 0; i < smartlist_len(dest); ++i) {
|
|
sa_family_t family;
|
|
sa_family_t family;
|
|
addr_policy_t *p;
|
|
addr_policy_t *p;
|
|
int found_ipv4_wildcard = 0, found_ipv6_wildcard = 0;
|
|
int found_ipv4_wildcard = 0, found_ipv6_wildcard = 0;
|
|
|
|
|
|
- p = smartlist_get(*dest, i);
|
|
|
|
|
|
+ p = smartlist_get(dest, i);
|
|
|
|
|
|
/* Look for accept/reject *[4|6|]:* entires */
|
|
/* Look for accept/reject *[4|6|]:* entires */
|
|
if (p->prt_min <= 1 && p->prt_max == 65535 && p->maskbits == 0) {
|
|
if (p->prt_min <= 1 && p->prt_max == 65535 && p->maskbits == 0) {
|
|
@@ -1160,7 +1157,7 @@ policies_log_first_redundant_entry(smartlist_t** dest) {
|
|
if (found_ipv4_wildcard && found_ipv6_wildcard) {
|
|
if (found_ipv4_wildcard && found_ipv6_wildcard) {
|
|
found_final_effective_entry = 1;
|
|
found_final_effective_entry = 1;
|
|
/* if we're not on the final entry in the list */
|
|
/* if we're not on the final entry in the list */
|
|
- if (i < smartlist_len(*dest) - 1) {
|
|
|
|
|
|
+ if (i < smartlist_len(dest) - 1) {
|
|
first_redundant_entry = i + 1;
|
|
first_redundant_entry = i + 1;
|
|
}
|
|
}
|
|
break;
|
|
break;
|
|
@@ -1174,8 +1171,8 @@ policies_log_first_redundant_entry(smartlist_t** dest) {
|
|
* which contains a max-length IPv6 address, plus 24 characters. */
|
|
* which contains a max-length IPv6 address, plus 24 characters. */
|
|
char line[TOR_ADDR_BUF_LEN + 32];
|
|
char line[TOR_ADDR_BUF_LEN + 32];
|
|
|
|
|
|
- tor_assert(first_redundant_entry < smartlist_len(*dest));
|
|
|
|
- p = smartlist_get(*dest, first_redundant_entry);
|
|
|
|
|
|
+ tor_assert(first_redundant_entry < smartlist_len(dest));
|
|
|
|
+ p = smartlist_get(dest, first_redundant_entry);
|
|
/* since we've already parsed the policy into an addr_policy_t struct,
|
|
/* since we've already parsed the policy into an addr_policy_t struct,
|
|
* we might not log exactly what the user typed in */
|
|
* we might not log exactly what the user typed in */
|
|
policy_write_item(line, TOR_ADDR_BUF_LEN + 32, p, 0);
|
|
policy_write_item(line, TOR_ADDR_BUF_LEN + 32, p, 0);
|
|
@@ -1187,6 +1184,11 @@ policies_log_first_redundant_entry(smartlist_t** dest) {
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+#define DEFAULT_EXIT_POLICY \
|
|
|
|
+ "reject *:25,reject *:119,reject *:135-139,reject *:445," \
|
|
|
|
+ "reject *:563,reject *:1214,reject *:4661-4666," \
|
|
|
|
+ "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
|
|
|
|
+
|
|
/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
|
|
/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
|
|
*
|
|
*
|
|
* If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
|
|
* If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
|
|
@@ -1235,7 +1237,7 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
|
|
/* Before we add the default policy and final rejects, check to see if
|
|
/* Before we add the default policy and final rejects, check to see if
|
|
* there are any lines after accept *:* or reject *:*. These lines have no
|
|
* there are any lines after accept *:* or reject *:*. These lines have no
|
|
* effect, and are most likely an error. */
|
|
* effect, and are most likely an error. */
|
|
- policies_log_first_redundant_entry(dest);
|
|
|
|
|
|
+ policies_log_first_redundant_entry(*dest);
|
|
|
|
|
|
if (add_default_policy) {
|
|
if (add_default_policy) {
|
|
append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
|
|
append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
|
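Review bot: At the call `policies_log_first_redundant_entry(*dest);` the callee's new `tor_assert(dest);` turns a list that has not been allocated yet into a process abort, in a helper whose only job is to log a configuration warning. Whether `*dest` can still be NULL at this point (for example when `cfg` is empty and nothing was prepended) is not visible here, because `policies_parse_exit_policy_internal` starts and ends outside the hunk, so this needs checking against the lines above the call. If NULL is reachable, prefer `if (!dest) return;` over the assert; if it is not, record the precondition in the doc comment, e.g. `<b>dest</b> must be a non-NULL list of addr_policy_t; it is not modified.` The same comment block could also say what counts as redundant, namely entries after the first accept/reject `*:*` that covers both IPv4 and IPv6, which the loop implements but the summary leaves out.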