[tor-commits] [tor/master] Clean up and fix exit policy check in connection_exit_connect().

nickm at torproject.org nickm at torproject.org
Fri Oct 14 13:10:40 UTC 2016


commit 785176e97545b2e7fc65bb80cf7aa13c9adc3fc4
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Oct 5 12:38:03 2016 -0400

    Clean up and fix exit policy check in connection_exit_connect().
    
    Previously, we would reject even rendezvous connections to IPv6
    addresses when IPv6Exit was false.  But that doesn't make sense; we
    don't count that as "exit"ing.  I've corrected the logic and tried
    to make it a little more clear.
    
    Fixes bug 18357; this code has been wrong since 9016d9e8294a352 in
    0.2.4.7-alpha.
---
 changes/bug18357         |  5 +++++
 src/or/connection_edge.c | 24 ++++++++++++++++--------
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/changes/bug18357 b/changes/bug18357
new file mode 100644
index 0000000..5f19d14
--- /dev/null
+++ b/changes/bug18357
@@ -0,0 +1,5 @@
+  o Minor bugfixes (hidden service):
+    - Allow hidden services to run on IPv6 addresses even when the
+      IPv6Exit option is not set. Fixes bug 18357; bugfix on
+      0.2.4.7-alpha.
+
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 08e4fa5..a1a0863 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -3232,14 +3232,22 @@ connection_exit_connect(edge_connection_t *edge_conn)
   uint16_t port;
   connection_t *conn = TO_CONN(edge_conn);
   int socket_error = 0, result;
-
-  if ( (!connection_edge_is_rendezvous_stream(edge_conn) &&
-        router_compare_to_my_exit_policy(&edge_conn->base_.addr,
-                                         edge_conn->base_.port)) ||
-       (tor_addr_family(&conn->addr) == AF_INET6 &&
-        ! get_options()->IPv6Exit)) {
-    log_info(LD_EXIT,"%s:%d failed exit policy. Closing.",
-             escaped_safe_str_client(conn->address), conn->port);
+  const char *why_failed_exit_policy = NULL;
+
+  if (! connection_edge_is_rendezvous_stream(edge_conn)) {
+    /* only apply exit policy to non-rendezvous connections. */
+    if (router_compare_to_my_exit_policy(&edge_conn->base_.addr,
+                                         edge_conn->base_.port)) {
+      why_failed_exit_policy = "";
+    } else if (tor_addr_family(&conn->addr) == AF_INET6 &&
+             ! get_options()->IPv6Exit) {
+      why_failed_exit_policy = " (IPv6 address without IPv6Exit configured)";
+    }
+  }
+  if (why_failed_exit_policy) {
+    log_info(LD_EXIT,"%s:%d failed exit policy%s. Closing.",
+             escaped_safe_str_client(conn->address), conn->port,
+             why_failed_exit_policy);
     connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY);
     circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
     connection_free(conn);
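
Review bot: In the first branch of the new non-rendezvous block, `why_failed_exit_policy = "";` uses an empty string as a "failed, no detail" marker, so the later `if (why_failed_exit_policy)` depends on the difference between NULL and "" and the assignment reads like a no-op at first glance. A one-line comment on that assignment, or a separate int flag kept alongside the reason string, would make the intent explicit. The two checks also reach the address through different names (`edge_conn->base_.addr` for the policy lookup, `conn->addr` for the family test) although `conn` is `TO_CONN(edge_conn)`; using one name for both would make it obvious that the same address is being tested. The continuation line `! get_options()->IPv6Exit` is indented two columns short of `tor_addr_family` on the line above. The diffstat lists only the changes file and connection_edge.c, so a test that sends a rendezvous stream to an IPv6 address with IPv6Exit off would help keep this from regressing.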
