correctly. (Found by Riastradh.)
- Avoid a bug where the FistFirstHopPK 0 option would keep Tor from
bootstrapping with tunneled directory connections. Bugfix on
- 0.1.2.5-alpha. Fixes bug 797.
+ 0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
+ - When asked to connect to A.B.exit:80, if we don't know the IP for A
+ and we know that server B most-but-not all connections to port 80,
+ we would previously reject the connection. Now, we assume the user
+ knows what they were asking for. Fixes bug 752. Bugfix on 0.0.9rc5.
+ Diagnosed by BarkerJr.
Changes in version 0.2.0.31 - 2008-09-03
addr = ntohl(in.s_addr);
r = compare_addr_to_addr_policy(addr, conn->socks_request->port,
exit->exit_policy);
- if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
- return 0;
+ if (r == ADDR_POLICY_REJECTED)
+ return 0; /* We know the address, and the exit policy rejects it. */
+ if (r == ADDR_POLICY_PROBABLY_REJECTED && !conn->chosen_exit_name)
+ return 0; /* We don't know the addr, but the exit policy rejects most
+ * addresses with this port. Since the user didn't ask for
+ * this node, err on the side of caution. */
} else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command)) {
/* Can't support reverse lookups without eventdns. */
if (conn->socks_request->command == SOCKS_COMMAND_RESOLVE_PTR &&
projects / thirdparty / tor.git / commitdiff
