[tor-commits] [sbws/master] fix: relaylist: Check exit to all domains/ips
juga at torproject.org
juga at torproject.org
Wed Jul 22 14:51:07 UTC 2020
commit d958915e5a1a2bd7f644ac96dc5aec6961f45d10
Author: juga <juga at riseup.net>
Date: Thu Jul 9 10:31:35 2020 +0000
fix: relaylist: Check exit to all domains/ips
When an exit policy allows to exit only to some subnet, it is not
enough to check that it can exit to a port, since it can, but it might
not be able to exit to the domain/ip of the sbws Web servers.
To ensure that without having to check whether it can exit to a
specific domain/ip, we can query the exit policy with `strict`.
Closes #40006. Bugfix v1.0.3.
---
sbws/lib/relaylist.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 1852199..ab7455e 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -197,7 +197,9 @@ class Relay:
# Therefore, catch the exception here.
try:
if self.exit_policy:
- return self.exit_policy.can_exit_to(port=port)
+ # Using `strict` to ensure it can exit to ALL domains
+ # and ips and that port. See #40006.
+ return self.exit_policy.can_exit_to(port=port, strict=True)
except TypeError:
return False
return False
More information about the tor-commits
mailing list