[stem/master] Confusing error when ipv6 policy lacks a port - tor-commits

27 May 2017

commit 806cbcca53091c93c7416166c09279d86c5c5b50
Author: Damian Johnson atagar@torproject.org
Date:   Sat May 27 13:09:43 2017 -0700
Confusing error when ipv6 policy lacks a port
Seems a bug in tor lets it accept torrc entries like...
ExitPolicy reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]
This in turn causes us to crash with...
Traceback (most recent call last):
        File "<console>", line 1, in <module>
        File "/home/atagar/Desktop/stem/stem/control.py", line 454, in wrapped
          return func(self, *args, **kwargs)
        File "/home/atagar/Desktop/stem/stem/control.py", line 1274, in get_exit_policy
          config_policy = stem.exit_policy.get_config_policy(policy, self.get_info('address', None))
        File "/home/atagar/Desktop/stem/stem/exit_policy.py", line 156, in get_config_policy
          result.append(ExitPolicyRule(rule))
        File "/home/atagar/Desktop/stem/stem/exit_policy.py", line 689, in __init__
          self._apply_addrspec(rule, addrspec, is_ipv6_only)
        File "/home/atagar/Desktop/stem/stem/exit_policy.py", line 986, in _apply_addrspec
          raise ValueError("Address isn't a wildcard, IPv4, or IPv6 address: %s" % rule)
      ValueError: Address isn't a wildcard, IPv4, or IPv6 address: reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]
We should indeed reject it because it's missing the port from the end, but this
    error is confusing. Providing the error saying it isn't a 'addrspec:portspec'
    instead.
---
 stem/exit_policy.py           | 4 ++--
 test/unit/exit_policy/rule.py | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/stem/exit_policy.py b/stem/exit_policy.py
index aaf10b0..e1469c8 100644
--- a/stem/exit_policy.py
+++ b/stem/exit_policy.py
@@ -662,7 +662,7 @@ class ExitPolicyRule(object):
exitpattern = exitpattern.lstrip()
-    if ':' not in exitpattern:
+    if ':' not in exitpattern or ']' in exitpattern.rsplit(':', 1)[1]:
       raise ValueError("An exitpattern must be of the form 'addrspec:portspec': %s" % rule)
self.address = None
@@ -983,7 +983,7 @@ class ExitPolicyRule(object):
       else:
         raise ValueError("The '%s' isn't a number of bits: %s" % (addr_extra, rule))
     else:
-      raise ValueError("Address isn't a wildcard, IPv4, or IPv6 address: %s" % rule)
+      raise ValueError("'%s' isn't a wildcard, IPv4, or IPv6 address: %s" % (addrspec, rule))
def _apply_portspec(self, rule, portspec):
     # Parses the portspec...
diff --git a/test/unit/exit_policy/rule.py b/test/unit/exit_policy/rule.py
index 908e72b..58c985e 100644
--- a/test/unit/exit_policy/rule.py
+++ b/test/unit/exit_policy/rule.py
@@ -2,6 +2,7 @@
 Unit tests for the stem.exit_policy.ExitPolicyRule class.
 """
+import re
 import unittest
from stem.exit_policy import AddressType, ExitPolicyRule, MicroExitPolicy
@@ -381,6 +382,13 @@ class TestExitPolicyRule(unittest.TestCase):
       for match_args, expected_result in matches.items():
         self.assertEqual(expected_result, rule.is_match(*match_args))
+  def test_missing_port(self):
+    exc_msg = "An exitpattern must be of the form 'addrspec:portspec': accept6 192.168.0.1/0"
+    self.assertRaisesRegexp(ValueError, re.escape(exc_msg), ExitPolicyRule, 'accept6 192.168.0.1/0')
+
+    exc_msg = "An exitpattern must be of the form 'addrspec:portspec': reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]"
+    self.assertRaisesRegexp(ValueError, re.escape(exc_msg), ExitPolicyRule, 'reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]')
+
   def test_ipv6_only_entries(self):
     # accept6/reject6 shouldn't match anything when given an ipv4 addresses

    