
When we've disabled .exit hostnames, actually reject them.

Previously we were treating them as decent hostnames and sending them
to the exit, which is completely wrong.
Nick Mathewson, 15 years ago
Parent
Commit
7d5d4f9f03
2 changed files with 9 additions and 4 deletions
  1. ChangeLog (3 additions, 0 deletions)
  2. src/or/connection_edge.c (6 additions, 4 deletions)

+ 3 - 0
ChangeLog

@@ -12,6 +12,9 @@ Changes in version 0.2.2.9-alpha - 2010-??-??
       when it updates its libraries in a security patch.
     - Fix static compilation by listing the openssl libraries in the right
       order.  Fixes bug 1237.
+    - Actually reject .exit hostnames when we're supposed to be rejecting
+      them; do not pass them on to the exit server.  Bugfix on 0.2.2.7-alpha;
+      found and diagnosed by Scott Bennett and Downie on or-talk.
 
   o Code simplifications and refactoring:
     - Generate our manpage and HTML documentation using Asciidoc.  This
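
Review bot: The new entry does not say what the client now sees when it asks for a .exit name with the option off. It tells the reader the name is no longer passed to the exit server, but not that the request is refused outright, and it never names the AllowDotExit option that the log message in connection_edge.c points users to. Naming the option here would let someone reading the ChangeLog connect a newly failing .exit request to this fix. The neighbouring entry carries a tracker reference ("Fixes bug 1237"); if a ticket exists for this report, cite it alongside the or-talk credit.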

+ 6 - 4
src/or/connection_edge.c

@@ -2935,10 +2935,12 @@ parse_extended_hostname(char *address, int allowdotexit)
       if (allowdotexit) {
         *s = 0; /* NUL-terminate it */
         return EXIT_HOSTNAME; /* .exit */
-      } /* else */
-      log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to "
-               "security risks. Set AllowDotExit in your torrc to enable it.");
-      /* FFFF send a controller event too to notify Vidalia users */
+      } else {
+        log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to "
+                 "security risks. Set AllowDotExit in your torrc to enable it.");
+        /* FFFF send a controller event too to notify Vidalia users */
+        return BAD_HOSTNAME;
+      }
     }
     if (strcmp(s+1,"onion"))
       return NORMAL_HOSTNAME; /* neither .exit nor .onion, thus normal */
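
Review bot: The rejection path at the new `return BAD_HOSTNAME;` has no regression test in this commit, and the old behaviour was a silent fall-through: after the warning, control reached `strcmp(s+1,"onion")` and returned NORMAL_HOSTNAME, so the only visible symptom was a log line. A unit test that calls parse_extended_hostname() on a .exit name with allowdotexit set to 0 and expects BAD_HOSTNAME, and with it set to 1 and expects EXIT_HOSTNAME, would pin this down. Two smaller points: the log_warn fires on every rejected request and the hostname comes from the application, so a rate-limited warning would keep a misbehaving client from flooding the log; and since the if branch already returns, the else wrapper is not strictly needed, though it does make the intent explicit, which is reasonable given the bug being fixed.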