[or-cvs] [tor/master] Fix bug 1113.

arma at seul.org arma at seul.org
Tue Oct 27 08:14:37 UTC 2009 

Author: Karsten Loesing <karsten.loesing at gmx.net>
Date: Tue, 27 Oct 2009 01:03:41 -0700
Subject: Fix bug 1113.
Commit: 56c2385157ee3fac81bb3f0c44fd933e0063ccde

Bridges do not use the default exit policy, but reject *:* by default.
---
 ChangeLog         |    2 ++
 src/or/or.h       |    3 ++-
 src/or/policies.c |   15 ++++++++++-----
 src/or/router.c   |    2 +-
 src/test/test.c   |    6 +++---
 5 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5eb74f7..6d9535f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,8 @@ Changes in version 0.2.2.6-alpha - 2009-10-??
     - If your relay can't keep up with the number of incoming create
       cells, it would log one warning per failure into your logs. Limit
       warnings to 1 per minute. Bugfix on 0.0.2pre10; fixes bug 1042.
+    - Bridges do not use the default exit policy, but reject *:* by
+      default. Fixes bug 1113.
 
 
 Changes in version 0.2.2.5-alpha - 2009-10-11
diff --git a/src/or/or.h b/src/or/or.h
index 2fa4a79..bf415d8 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4353,7 +4353,8 @@ addr_policy_result_t compare_tor_addr_to_addr_policy(const tor_addr_t *addr,
 addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
                               uint16_t port, const smartlist_t *policy);
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
-                               int rejectprivate, const char *local_address);
+                               int rejectprivate, const char *local_address,
+                               int add_default_policy);
 void policies_set_router_exitpolicy_to_reject_all(routerinfo_t *exitrouter);
 int exit_policy_is_general_exit(smartlist_t *policy);
 int policy_is_reject_star(const smartlist_t *policy);
diff --git a/src/or/policies.c b/src/or/policies.c
index d55e86c..023cd47 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -344,7 +344,8 @@ validate_addr_policies(or_options_t *options, char **msg)
   *msg = NULL;
 
   if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
-                                 options->ExitPolicyRejectPrivate, NULL))
+                                 options->ExitPolicyRejectPrivate, NULL,
+                                 !options->BridgeRelay))
     REJECT("Error in ExitPolicy entry.");
 
   /* The rest of these calls *append* to addr_policy. So don't actually
@@ -829,14 +830,16 @@ exit_policy_remove_redundancies(smartlist_t *dest)
   "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
 
 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
- * cfg doesn't end in an absolute accept or reject, add the default exit
+ * cfg doesn't end in an absolute accept or reject and if
+ * <b>add_default_policy</b> is true, add the default exit
  * policy afterwards. If <b>rejectprivate</b> is true, prepend
  * "reject private:*" to the policy. Return -1 if we can't parse cfg,
  * else return 0.
  */
 int
 policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
-                           int rejectprivate, const char *local_address)
+                           int rejectprivate, const char *local_address,
+                           int add_default_policy)
 {
   if (rejectprivate) {
     append_exit_policy_string(dest, "reject private:*");
@@ -848,8 +851,10 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
   }
   if (parse_addr_policy(cfg, dest, -1))
     return -1;
-  append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
-
+  if (add_default_policy)
+    append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
+  else
+    append_exit_policy_string(dest, "reject *:*");
   exit_policy_remove_redundancies(*dest);
 
   return 0;
diff --git a/src/or/router.c b/src/or/router.c
index 145301c..2f5a9fd 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1312,7 +1312,7 @@ router_rebuild_descriptor(int force)
 
   policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
                              options->ExitPolicyRejectPrivate,
-                             ri->address);
+                             ri->address, !options->BridgeRelay);
 
   if (desc_routerinfo) { /* inherit values */
     ri->is_valid = desc_routerinfo->is_valid;
diff --git a/src/test/test.c b/src/test/test.c
index 839d946..d85f1f0 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -629,7 +629,7 @@ test_policy_summary_helper(const char *policy_str,
   line.value = (char *)policy_str;
   line.next = NULL;
 
-  r = policies_parse_exit_policy(&line, &policy, 0, NULL);
+  r = policies_parse_exit_policy(&line, &policy, 0, NULL, 1);
   test_eq(r, 0);
   summary = policy_summarize(policy);
 
@@ -675,7 +675,7 @@ test_policies(void)
           compare_addr_to_addr_policy(0xc0a80102, 2, policy));
 
   policy2 = NULL;
-  test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL));
+  test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL, 1));
   test_assert(policy2);
 
   test_assert(!exit_policy_is_general_exit(policy));
@@ -699,7 +699,7 @@ test_policies(void)
   line.key = (char*)"foo";
   line.value = (char*)"accept *:80,reject private:*,reject *:*";
   line.next = NULL;
-  test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL));
+  test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL, 1));
   test_assert(policy);
   //test_streq(policy->string, "accept *:80");
   //test_streq(policy->next->string, "reject *:*");
-- 
1.5.6.5

More information about the tor-commits mailing list