commit cdc59c198a15195a113d68b2c4fbb270792da533 Author: Nick Mathewson nickm@torproject.org Date: Tue Feb 22 14:06:28 2011 -0500
Don't let bad DNS make exit policy and declared exit policy get out of sync
Patch from "postman" on trac. Fixes bg 2366. Bug on 0.1.2.5-alpha.
---
 changes/bug2366 | 8 ++++++++
 src/or/policies.c | 8 ++++++++
 src/or/policies.h | 1 +
 src/or/router.c | 15 +++++++++------
 4 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/changes/bug2366 b/changes/bug2366
new file mode 100644
index 0000000..d171be4
--- /dev/null
+++ b/changes/bug2366
@@ -0,0 +1,8 @@
+ o Minor bugfixes
+ - When a relay decides that its DNS is too broken for it to serve
+ as an exit server, it advertised itself as a non-exit, but
+ continued to act as an exit. This could create accidental
+ partitioning opportunities for users. Instead, if a relay is
+ going to advertise reject *:* as its exit policy, it should
+ really act with exit policy "reject *:*". Fixes bug 2366.
+ Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac.
diff --git a/src/or/policies.c b/src/or/policies.c
index 62e048c..38c2f7c 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -858,6 +858,14 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 return 0;
 }
+/** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
+ * *<b>dest</b> as needed. */
+void
+policies_exit_policy_append_reject_star(smartlist_t **dest)
+{
+ append_exit_policy_string(dest, "reject *:*");
+}
+
 /** Replace the exit policy of <b>r</b> with reject *:*. */
 void
 policies_set_router_exitpolicy_to_reject_all(routerinfo_t *r)
diff --git a/src/or/policies.h b/src/or/policies.h
index a954ac4..b2947c6 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -41,6 +41,7 @@ addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, int rejectprivate, const char *local_address, int add_default_policy);
+void policies_exit_policy_append_reject_star(smartlist_t **dest);
 void policies_set_router_exitpolicy_to_reject_all(routerinfo_t *exitrouter);
 int exit_policy_is_general_exit(smartlist_t *policy);
 int policy_is_reject_star(const smartlist_t *policy);
diff --git a/src/or/router.c b/src/or/router.c
index 59276ba..4c5eb7a 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1410,9 +1410,14 @@ router_rebuild_descriptor(int force)
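Review bot: The doc comment on `policies_exit_policy_append_reject_star` in src/or/policies.c should say that the helper only appends and never clears `*dest`, because exit policies are evaluated in order with the first match winning, so a trailing `reject *:*` leaves any earlier accept entries in force. The one caller added by this commit, in router_rebuild_descriptor, ends up with a reject-all policy only if `ri->exit_policy` is still NULL or empty at that point, which is not visible in the diff. Suggested wording: `/** Append "reject *:*" to *<b>dest</b>, allocating it if needed. Earlier entries are kept, so the result is reject-all only when *<b>dest</b> was empty. */`.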
ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess();
- policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
- options->ExitPolicyRejectPrivate,
- ri->address, !options->BridgeRelay);
+ if (dns_seems_to_be_broken() || has_dns_init_failed()) {
+ /* DNS is screwed up; don't claim to be an exit. */
+ policies_exit_policy_append_reject_star(&ri->exit_policy);
+ } else {
+ policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
+ options->ExitPolicyRejectPrivate,
+ ri->address, !options->BridgeRelay);
+ }
 ri->policy_is_reject_star = policy_is_reject_star(ri->exit_policy);
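Review bot: The DNS check in `router_rebuild_descriptor` now runs only when the descriptor is rebuilt, so the policy the relay enforces tracks DNS health only if every change in `dns_seems_to_be_broken()` or `has_dns_init_failed()` also forces a rebuild. Nothing in this hunk shows that; if the DNS code does not mark the descriptor dirty, a relay whose DNS breaks after a rebuild keeps exiting, and one whose DNS recovers stays reject-all until something else triggers a rebuild. A comment above the `if` would record the dependency, for example `/* Evaluated at rebuild time only: DNS state changes must mark the descriptor dirty. */`. The enclosing function starts and ends outside the hunk.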
@@ -1866,9 +1871,7 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
 }
/* Write the exit policy to the end of 's'. */
- if (dns_seems_to_be_broken() || has_dns_init_failed() ||
- !router->exit_policy || !smartlist_len(router->exit_policy)) {
- /* DNS is screwed up; don't claim to be an exit. */
+ if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
 strlcat(s+written, "reject *:*\n", maxlen-written);
 written += strlen("reject *:*\n");
 tmpe = NULL;
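Review bot: The fallback branch kept by this hunk in `router_dump_router_to_string` advances `written` by the full length of the reject line without checking whether `strlcat` truncated, so with a nearly full buffer `written` could pass `maxlen` and later `maxlen-written` bounds would no longer be valid. An earlier size check outside the hunk may already guarantee room; if it does not, test the return value with `if (strlcat(s+written, "reject *:*\n", maxlen-written) >= maxlen-written)` and take the function's error path. The function body continues outside the hunk.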