[or-cvs] r14107: Fix the other lingering part of bug 617: make ClientDNSRejec (in tor/trunk: . src/or)
nickm at seul.org
nickm at seul.org
Tue Mar 18 18:51:35 UTC 2008
Author: nickm
Date: 2008-03-18 14:51:34 -0400 (Tue, 18 Mar 2008)
New Revision: 14107
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/or/connection_edge.c
tor/trunk/src/or/dns.c
tor/trunk/src/or/or.h
Log:
r18937 at catbus: nickm | 2008-03-18 14:50:39 -0400
Fix the other lingering part of bug 617: make ClientDNSRejectInternalAddresses actually work.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r18937] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-03-18 17:36:50 UTC (rev 14106)
+++ tor/trunk/ChangeLog 2008-03-18 18:51:34 UTC (rev 14107)
@@ -3,6 +3,9 @@
- Stop giving double-close warn when we reject an address for client DNS.
- On Windows, correctly detect errors when listing the contents of a
directory. Fix from lodger. (Bugfix on 0.1.2.x.)
+ - Fix the implementation of ClientDNSRejectInternalAddresses so that it
+ actually works, and doesn't warn about every single reverse lookup.
+ Fixes the other part of bug 617. Bugfix on 0.2.0.1-alpha.
o Minor features:
- Allow separate log levels to be configured for different logging
Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c 2008-03-18 17:36:50 UTC (rev 14106)
+++ tor/trunk/src/or/connection_edge.c 2008-03-18 18:51:34 UTC (rev 14107)
@@ -1331,8 +1331,17 @@
if (options->ClientDNSRejectInternalAddresses) {
/* Don't let people try to do a reverse lookup on 10.0.0.1. */
tor_addr_t addr;
- if (tor_addr_from_str(&addr, socks->address) >= 0 &&
- tor_addr_is_internal(&addr, 0)) {
+ struct in_addr in;
+ int ok;
+ if (!strcasecmpend(socks->address, ".in-addr.arpa"))
+ ok = !parse_inaddr_arpa_address(socks->address, &in);
+ else
+ ok = tor_inet_aton(socks->address, &in);
+ /*XXXX021 make this a function. */
+ addr.family = AF_INET;
+ memcpy(&addr.addr.in_addr, &in, sizeof(struct in_addr));
+
+ if (ok && tor_addr_is_internal(&addr, 0)) {
connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_ERROR,
0, NULL, -1, TIME_MAX);
connection_mark_unattached_ap(conn,
Modified: tor/trunk/src/or/dns.c
===================================================================
--- tor/trunk/src/or/dns.c 2008-03-18 17:36:50 UTC (rev 14106)
+++ tor/trunk/src/or/dns.c 2008-03-18 18:51:34 UTC (rev 14107)
@@ -481,7 +481,8 @@
* parse it and place the address in <b>in</b> if present. Return 1 on success;
* 0 if the address is not in in-addr.arpa format, and -1 if the address is
* malformed. */
-static int
+/* XXXX021 move this to util.c. */
+int
parse_inaddr_arpa_address(const char *address, struct in_addr *in)
{
char buf[INET_NTOA_BUF_LEN];
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2008-03-18 17:36:50 UTC (rev 14106)
+++ tor/trunk/src/or/or.h 2008-03-18 18:51:34 UTC (rev 14107)
@@ -3246,6 +3246,7 @@
void dns_launch_correctness_checks(void);
int dns_seems_to_be_broken(void);
void dns_reset_correctness_checks(void);
+int parse_inaddr_arpa_address(const char *address, struct in_addr *in);
/********************************* dnsserv.c ************************/
More information about the tor-commits
mailing list