
commit 433d7578465e04484d537810096512b5cc61246f Author: Nick Mathewson <nickm@torproject.org> Date: Wed Mar 28 03:19:00 2012 -0400 Reject SOCKS requests for "localhost" or ".local" Sending them on is futile, since we will be told "127.0.0.1" and then think we've been lied to. Partial fix for 2822. --- changes/bug2822.2 | 6 ++++++ src/common/address.c | 9 +++++++++ src/common/address.h | 2 ++ src/or/connection_edge.c | 5 +++-- 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/changes/bug2822.2 b/changes/bug2822.2 new file mode 100644 index 0000000..373741c --- /dev/null +++ b/changes/bug2822.2 @@ -0,0 +1,6 @@ + o Minor features: + + - Don't bother trying to connect to addresses that we are sure will + resolve to 127.0.0.1: Getting 127.0.0.1 in a reply makes us think + we have been lied to, even when the address the client tried to + connect to was "localhost." Partial fix for bug 2822. diff --git a/src/common/address.c b/src/common/address.c index 676c485..e379464 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -1682,3 +1682,12 @@ get_interface_address(int severity, uint32_t *addr) return r; } +/** Return true if we can tell that <b>name</b> is a canonical name for the + * loopback address. */ +int +tor_addr_hostname_is_local(const char *name) +{ + return !strcasecmp(name, "localhost") || + !strcasecmp(name, "local") || + !strcasecmpend(name, ".local"); +} diff --git a/src/common/address.h b/src/common/address.h index 4568c32..125fd38 100644 --- a/src/common/address.h +++ b/src/common/address.h @@ -191,6 +191,8 @@ int tor_addr_is_loopback(const tor_addr_t *addr); int tor_addr_port_split(int severity, const char *addrport, char **address_out, uint16_t *port_out); +int tor_addr_hostname_is_local(const char *name); + /* IPv4 helpers */ int is_internal_IP(uint32_t ip, int for_listening); int addr_port_lookup(int severity, const char *addrport, char **address, 
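Review bot: In `tor_addr_hostname_is_local` (src/common/address.c) the three comparisons match only the bare spellings, so `localhost.` or `foo.local.` with a trailing root dot, and any name under `.localhost`, would still be passed on. That holds unless the SOCKS address is normalized before it reaches this function, which this diff does not show. If it is not normalized, ignore one trailing dot before comparing and add `!strcasecmpend(name, ".localhost")` to the chain. The doc comment also claims more than the code checks, since `.local` names are not canonical names for the loopback address; I would word it as `/** Return true if <b>name</b> is "localhost", "local", or ends in ".local". <b>name</b> must not be NULL. */`.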
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index e19d7f0..fb09281 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2000,8 +2000,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, if (options->ClientRejectInternalAddresses && !conn->use_begindir && !conn->chosen_exit_name && !circ) { tor_addr_t addr; - if (tor_addr_parse(&addr, socks->address) >= 0 && - tor_addr_is_internal(&addr, 0)) { + if (tor_addr_hostname_is_local(socks->address) || + (tor_addr_parse(&addr, socks->address) >= 0 && + tor_addr_is_internal(&addr, 0))) { /* If this is an explicit private address with no chosen exit node, * then we really don't want to try to connect to it. That's * probably an error. */
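Review bot: The comment under the widened condition in `connection_ap_handshake_rewrite_and_attach` still says "explicit private address", but the branch is now also taken for the hostnames `localhost`, `local` and `*.local`. I would update it to something like `/* If this is an explicit private address, or a name such as "localhost" or "*.local", with no chosen exit node,` so the next reader does not assume only parsed IP literals end up here. The rest of the block lies outside the hunk; if it logs or reports the rejection, check that its wording does not describe a hostname as an internal IP address.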