[tor-commits] [tor/release-0.2.3] Fix a regression bug in AllowDotExit
nickm at torproject.org
nickm at torproject.org
Thu Jun 28 20:00:57 UTC 2012
commit c239c57d3c9a8ddff7db6ed20e836844b17efdae
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Jun 19 19:45:28 2012 -0400
Fix a regression bug in AllowDotExit
The code that detected the source of a remapped address checked that
an address mapping's source was a given rewrite rule if addr_orig had
no .exit, and addr did have a .exit after processing that rule. But
addr_orig was formatted for logging: it was not the original address
at all, but rather was the address escaped for logging and possibly
replaced with "[scrubbed]".
This new logic will correctly set ADDRMAPSRC_NONE in the case when the
address starts life as a .exit address, so that AllowDotExit can work
again.
Fixes bug 6211; bugfix on 0.2.3.17-beta
---
changes/bug6211 | 4 ++++
src/or/connection_edge.c | 17 ++++++++++-------
2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/changes/bug6211 b/changes/bug6211
new file mode 100644
index 0000000..2c8d9b8
--- /dev/null
+++ b/changes/bug6211
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Fix a bug that stopped AllowDotExit from working on addresses
+ that had an entry in the DNS cache. Fixes bug 6211; bugfix on
+ 0.2.3.17-beta.
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 210c2e0..9892078 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1100,8 +1100,8 @@ addressmap_match_superdomains(char *address)
* address starts out as a non-exit address, and we remap it to an .exit
* address at any point, then set *<b>exit_source_out</b> to the
* address_entry_source_t of the first such rule. Set *<b>exit_source_out</b>
- * to ADDRMAPSRC_NONE if there is no such rewrite.
- *
+ * to ADDRMAPSRC_NONE if there is no such rewrite, or if the original address
+ * was a .exit.
*/
int
addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
@@ -1111,10 +1111,12 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
int rewrites;
time_t expires = TIME_MAX;
addressmap_entry_source_t exit_source = ADDRMAPSRC_NONE;
+ char *addr_orig = tor_strdup(address);
+ char *log_addr_orig = NULL;
for (rewrites = 0; rewrites < 16; rewrites++) {
int exact_match = 0;
- char *addr_orig = tor_strdup(escaped_safe_str_client(address));
+ log_addr_orig = tor_strdup(escaped_safe_str_client(address));
ent = strmap_get(addressmap, address);
@@ -1125,7 +1127,6 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
!strcasecmp(address, ent->new_address)) {
/* This is a rule like *.example.com example.com, and we just got
* "example.com" */
- tor_free(addr_orig);
goto done;
}
@@ -1133,7 +1134,6 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
}
if (!ent || !ent->new_address) {
- tor_free(addr_orig);
goto done;
}
@@ -1151,10 +1151,11 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
}
log_info(LD_APP, "Addressmap: rewriting %s to %s",
- addr_orig, escaped_safe_str_client(address));
+ log_addr_orig, escaped_safe_str_client(address));
if (ent->expires > 1 && ent->expires < expires)
expires = ent->expires;
- tor_free(addr_orig);
+
+ tor_free(log_addr_orig);
}
log_warn(LD_CONFIG,
"Loop detected: we've rewritten %s 16 times! Using it as-is.",
@@ -1162,6 +1163,8 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
/* it's fine to rewrite a rewrite, but don't loop forever */
done:
+ tor_free(addr_orig);
+ tor_free(log_addr_orig);
if (exit_source_out)
*exit_source_out = exit_source;
if (expires_out)
More information about the tor-commits
mailing list