[tor-commits] [stem/master] Confusing error when ipv6 policy lacks a port
atagar at torproject.org
atagar at torproject.org
Sat May 27 20:10:45 UTC 2017
commit 806cbcca53091c93c7416166c09279d86c5c5b50
Author: Damian Johnson <atagar at torproject.org>
Date: Sat May 27 13:09:43 2017 -0700
Confusing error when ipv6 policy lacks a port
Seems a bug in tor lets it accept torrc entries like...
ExitPolicy reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]
This in turn causes us to crash with...
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/home/atagar/Desktop/stem/stem/control.py", line 454, in wrapped
return func(self, *args, **kwargs)
File "/home/atagar/Desktop/stem/stem/control.py", line 1274, in get_exit_policy
config_policy = stem.exit_policy.get_config_policy(policy, self.get_info('address', None))
File "/home/atagar/Desktop/stem/stem/exit_policy.py", line 156, in get_config_policy
result.append(ExitPolicyRule(rule))
File "/home/atagar/Desktop/stem/stem/exit_policy.py", line 689, in __init__
self._apply_addrspec(rule, addrspec, is_ipv6_only)
File "/home/atagar/Desktop/stem/stem/exit_policy.py", line 986, in _apply_addrspec
raise ValueError("Address isn't a wildcard, IPv4, or IPv6 address: %s" % rule)
ValueError: Address isn't a wildcard, IPv4, or IPv6 address: reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]
We should indeed reject it because it's missing the port from the end, but this
error is confusing. Providing the error saying it isn't a 'addrspec:portspec'
instead.
---
stem/exit_policy.py | 4 ++--
test/unit/exit_policy/rule.py | 8 ++++++++
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/stem/exit_policy.py b/stem/exit_policy.py
index aaf10b0..e1469c8 100644
--- a/stem/exit_policy.py
+++ b/stem/exit_policy.py
@@ -662,7 +662,7 @@ class ExitPolicyRule(object):
exitpattern = exitpattern.lstrip()
- if ':' not in exitpattern:
+ if ':' not in exitpattern or ']' in exitpattern.rsplit(':', 1)[1]:
raise ValueError("An exitpattern must be of the form 'addrspec:portspec': %s" % rule)
self.address = None
@@ -983,7 +983,7 @@ class ExitPolicyRule(object):
else:
raise ValueError("The '%s' isn't a number of bits: %s" % (addr_extra, rule))
else:
- raise ValueError("Address isn't a wildcard, IPv4, or IPv6 address: %s" % rule)
+ raise ValueError("'%s' isn't a wildcard, IPv4, or IPv6 address: %s" % (addrspec, rule))
def _apply_portspec(self, rule, portspec):
# Parses the portspec...
diff --git a/test/unit/exit_policy/rule.py b/test/unit/exit_policy/rule.py
index 908e72b..58c985e 100644
--- a/test/unit/exit_policy/rule.py
+++ b/test/unit/exit_policy/rule.py
@@ -2,6 +2,7 @@
Unit tests for the stem.exit_policy.ExitPolicyRule class.
"""
+import re
import unittest
from stem.exit_policy import AddressType, ExitPolicyRule, MicroExitPolicy
@@ -381,6 +382,13 @@ class TestExitPolicyRule(unittest.TestCase):
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
+ def test_missing_port(self):
+ exc_msg = "An exitpattern must be of the form 'addrspec:portspec': accept6 192.168.0.1/0"
+ self.assertRaisesRegexp(ValueError, re.escape(exc_msg), ExitPolicyRule, 'accept6 192.168.0.1/0')
+
+ exc_msg = "An exitpattern must be of the form 'addrspec:portspec': reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]"
+ self.assertRaisesRegexp(ValueError, re.escape(exc_msg), ExitPolicyRule, 'reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]')
+
def test_ipv6_only_entries(self):
# accept6/reject6 shouldn't match anything when given an ipv4 addresses
More information about the tor-commits
mailing list