[or-cvs] r16945: {tor} (Backport to 0.2.0 branch) Patch from roger for 752, but wit (in tor/branches/tor-0_2_0-patches: . src/or)
nickm at seul.org
Tue Sep 23 20:26:06 UTC 2008
Author: nickm
Date: 2008-09-23 16:26:05 -0400 (Tue, 23 Sep 2008)
New Revision: 16945
Modified:
tor/branches/tor-0_2_0-patches/ChangeLog
tor/branches/tor-0_2_0-patches/src/or/connection_edge.c
Log:
(Backport to 0.2.0 branch) Patch from roger for 752, but with more comments: When we get an A.B.exit:P address, and B would reject most connections to P, but we do not know whether it would allow A, then allow the connection to proceed. Bugfix, amusingly, on 0.0.9rc5.
Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog 2008-09-23 20:25:01 UTC (rev 16944)
+++ tor/branches/tor-0_2_0-patches/ChangeLog 2008-09-23 20:26:05 UTC (rev 16945)
@@ -5,7 +5,12 @@
correctly. (Found by Riastradh.)
- Avoid a bug where the FistFirstHopPK 0 option would keep Tor from
bootstrapping with tunneled directory connections. Bugfix on
- 0.1.2.5-alpha. Fixes bug 797.
+ 0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
+ - When asked to connect to A.B.exit:80, if we don't know the IP for A
+ and we know that server B most-but-not all connections to port 80,
+ we would previously reject the connection. Now, we assume the user
+ knows what they were asking for. Fixes bug 752. Bugfix on 0.0.9rc5.
+ Diagnosed by BarkerJr.
Changes in version 0.2.0.31 - 2008-09-03
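Review bot: the added ChangeLog entry is missing its verb in "we know that server B most-but-not all connections to port 80"; going by the commit log, this should read "rejects most-but-not-all connections to port 80". The entry also names port 80 specifically, while the log message and the code change apply to any port P, so it would be clearer to mark it as an example ("e.g. A.B.exit:80"). The unchanged context line above spells the option "FistFirstHopPK", which looks like a typo for FastFirstHopPK and could be fixed while this entry is being touched.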
Modified: tor/branches/tor-0_2_0-patches/src/or/connection_edge.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/connection_edge.c 2008-09-23 20:25:01 UTC (rev 16944)
+++ tor/branches/tor-0_2_0-patches/src/or/connection_edge.c 2008-09-23 20:26:05 UTC (rev 16945)
@@ -2807,8 +2807,12 @@
addr = ntohl(in.s_addr);
r = compare_addr_to_addr_policy(addr, conn->socks_request->port,
exit->exit_policy);
- if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
- return 0;
+ if (r == ADDR_POLICY_REJECTED)
+ return 0; /* We know the address, and the exit policy rejects it. */
+ if (r == ADDR_POLICY_PROBABLY_REJECTED && !conn->chosen_exit_name)
+ return 0; /* We don't know the addr, but the exit policy rejects most
+ * addresses with this port. Since the user didn't ask for
+ * this node, err on the side of caution. */
} else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
/* Can't support reverse lookups without eventdns. */
if (conn->socks_request->command == SOCKS_COMMAND_RESOLVE_PTR &&
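Review bot: the case this patch exists to permit, `r == ADDR_POLICY_PROBABLY_REJECTED` with `conn->chosen_exit_name` set, falls through after the second `if` with no comment, although both rejecting branches are explained. A short comment at the fall-through, saying that the user named this exit explicitly and so the connection is allowed to proceed even though the policy rejects most addresses on this port, would make the intent visible to the next reader. The second comment also treats a non-NULL `chosen_exit_name` as meaning "the user asked for this node"; if that field can be set by anything other than an explicit .exit request, either the test should be narrowed or the comment should say which cases are covered.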