[tor-commits] [tor/release-0.2.4] Apply ClientDNSRejectInternalAddresses to IPv6 in RESOLVED cells

arma at torproject.org arma at torproject.org
Thu Apr 11 05:29:50 UTC 2013


commit 1b28f366b8796a9e6d27af74146dbc7836100263
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Mar 14 11:19:08 2013 -0400

    Apply ClientDNSRejectInternalAddresses to IPv6 in RESOLVED cells
    
    Fixes bug 8475; bugfix on 0.2.0.7-alpha.
---
 changes/bug8475 |    4 ++++
 src/or/relay.c  |   13 ++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/changes/bug8475 b/changes/bug8475
new file mode 100644
index 0000000..eb8debe
--- /dev/null
+++ b/changes/bug8475
@@ -0,0 +1,4 @@
+  o Major bugfixes:
+    - If configured via ClientDNSRejectInternalAddresses not to report
+      DNS queries which have resolved to internal addresses, apply that
+      rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha.
diff --git a/src/or/relay.c b/src/or/relay.c
index a17c333..e69eade 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -969,12 +969,15 @@ connection_edge_process_relay_cell_not_open(
                                   2+answer_len));
     else
       ttl = -1;
-    if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
-      uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+2));
-      if (get_options()->ClientDNSRejectInternalAddresses &&
-          is_internal_IP(addr, 0)) {
+    if (answer_type == RESOLVED_TYPE_IPV4 ||
+        answer_type == RESOLVED_TYPE_IPV6) {
+      tor_addr_t addr;
+      if (decode_address_from_payload(&addr, cell->payload+RELAY_HEADER_SIZE,
+                                      rh->length) &&
+          tor_addr_is_internal(&addr, 0) &&
+          get_options()->ClientDNSRejectInternalAddresses) {
         log_info(LD_APP,"Got a resolve with answer %s. Rejecting.",
-                 fmt_addr32(addr));
+                 fmt_addr(&addr));
         connection_ap_handshake_socks_resolved(entry_conn,
                                                RESOLVED_TYPE_ERROR_TRANSIENT,
                                                0, NULL, 0, TIME_MAX);
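Review bot: When `decode_address_from_payload()` fails in the new condition (for instance an IPv4-typed answer whose length is not 4, which the removed `answer_len == 4` test used to gate), the `&&` chain is false, so a malformed answer is treated like a non-internal address and skips the rejection branch. What happens to it next is outside the hunk, but if the undecoded payload is then handed on to the SOCKS client, the ClientDNSRejectInternalAddresses filter fails open on input it could not parse. Consider testing the decode result on its own and sending such answers down the same `RESOLVED_TYPE_ERROR_TRANSIENT` path, or at least recording the choice with `/* An answer we cannot decode is not filtered here. */`. The function begins before and continues after this hunk, so the later handling should be confirmed before changing it.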




