Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Don't let bad DNS make exit policy and declared exit policy get out of sync

Patch from "postman" on trac. Fixes bg 2366. Bug on 0.1.2.5-alpha.
Nick Mathewson 13 years ago
parent
9d5873cdae
commit
cdc59c198a
4 changed files with 26 additions and 6 deletions
Split View Show Diff Stats
  1. 8 0
      changes/bug2366
  2. 8 0
      src/or/policies.c
  3. 1 0
      src/or/policies.h
  4. 9 6
      src/or/router.c

+ 8 - 0
changes/bug2366
View File 

@@ -0,0 +1,8 @@
 
+  o Minor bugfixes
 
+    - When a relay decides that its DNS is too broken for it to serve
 
+      as an exit server, it advertised itself as a non-exit, but
 
+      continued to act as an exit.  This could create accidental
 
+      partitioning opportunities for users.  Instead, if a relay is
 
+      going to advertise reject *:* as its exit policy, it should
 
+      really act with exit policy "reject *:*". Fixes bug 2366.
 
+      Bugfix on Tor 0.1.2.5-alpha.  Bugfix by user "postman" on trac.

+ 8 - 0
src/or/policies.c
View File 

@@ -858,6 +858,14 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 
   return 0;
 
 }
 
 
+/** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
 
+ * *<b>dest</b> as needed. */
 
+void
 
+policies_exit_policy_append_reject_star(smartlist_t **dest)
 
+{
 
+  append_exit_policy_string(dest, "reject *:*");
 
+}
 
+
 
 /** Replace the exit policy of <b>r</b> with reject *:*. */
 
 void
 
 policies_set_router_exitpolicy_to_reject_all(routerinfo_t *r)

+ 1 - 0
src/or/policies.h
View File 

@@ -41,6 +41,7 @@ addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
 
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 
                                int rejectprivate, const char *local_address,
 
                                int add_default_policy);
 
+void policies_exit_policy_append_reject_star(smartlist_t **dest);
 
 void policies_set_router_exitpolicy_to_reject_all(routerinfo_t *exitrouter);
 
 int exit_policy_is_general_exit(smartlist_t *policy);
 
 int policy_is_reject_star(const smartlist_t *policy);

+ 9 - 6
src/or/router.c
View File 

@@ -1410,9 +1410,14 @@ router_rebuild_descriptor(int force)
 
 
   ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess();
 
 
-  policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
 
-                             options->ExitPolicyRejectPrivate,
 
-                             ri->address, !options->BridgeRelay);
 
+  if (dns_seems_to_be_broken() || has_dns_init_failed()) {
 
+    /* DNS is screwed up; don't claim to be an exit. */
 
+    policies_exit_policy_append_reject_star(&ri->exit_policy);
 
+  } else {
 
+    policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
 
+                               options->ExitPolicyRejectPrivate,
 
+                               ri->address, !options->BridgeRelay);
 
+  }
 
   ri->policy_is_reject_star =
 
     policy_is_reject_star(ri->exit_policy);
 
 
@@ -1866,9 +1871,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
 
   }
 
 
   /* Write the exit policy to the end of 's'. */
 
-  if (dns_seems_to_be_broken() || has_dns_init_failed() ||
 
-      !router->exit_policy || !smartlist_len(router->exit_policy)) {
 
-    /* DNS is screwed up; don't claim to be an exit. */
 
+  if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
 
     strlcat(s+written, "reject *:*\n", maxlen-written);
 
     written += strlen("reject *:*\n");
 
     tmpe = NULL;