commit d958915e5a1a2bd7f644ac96dc5aec6961f45d10 Author: juga juga@riseup.net Date: Thu Jul 9 10:31:35 2020 +0000
fix: relaylist: Check exit to all domains/ips
When an exit policy allows to exit only to some subnet, it is not enough to check that it can exit to a port, since it can, but it might not be able to exit to the domain/ip of the sbws Web servers. To ensure that without having to check whether it can exit to a specific domain/ip, we can query the exit policy with `strict`.
Closes #40006. Bugfix v1.0.3. --- sbws/lib/relaylist.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 1852199..ab7455e 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -197,7 +197,9 @@ class Relay: # Therefore, catch the exception here. try: if self.exit_policy: - return self.exit_policy.can_exit_to(port=port) + # Using `strict` to ensure it can exit to ALL domains + # and ips and that port. See #40006. + return self.exit_policy.can_exit_to(port=port, strict=True) except TypeError: return False return False