Oops, here's the *REAL* fix for the ipv6 issue

We need to _REJECT_ descriptors with accept6/reject6 lines.  If we
let them onto the network , other un-upgraded tors will crash.

diff --git a/changes/ipv6_crash b/changes/ipv6_crash
index 2b04355a576aed8d713c93e05c9737f18f65d841..02f8aaa41c4ed3d9ae1defe25f101ff36c50febd 100644 (file)
--- a/changes/ipv6_crash
+++ b/changes/ipv6_crash
@@ -1,3 +1,4 @@
-  o Major bugfixes (directory authority)
+  o Major bugfixes:
     - Fix a crash in parsing router descriptors containing IPv6
-      addresses.  Bugfix on 0.2.1.3-alpha.
+      addresses.  This one crashed the directory authorities when somebody
+      fired up some experimental code. Bugfix on 0.2.1.3-alpha.

diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index aa0687d8835fff70a2007c2d65763d0ea96dc986..1faa177edf192599d1778f6f01e3405956133f91 100644 (file)
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1369,6 +1369,12 @@ router_parse_entry_from_string(const char *s, const char *end,
       router->has_old_dnsworkers = 1;
   }
 
+  if (find_opt_by_keyword(tokens, K_REJECT6) ||
+      find_opt_by_keyword(tokens, K_ACCEPT6)) {
+    log_warn(LD_DIR, "Rejecting router with reject6/accept6 line: they crash "
+             "older Tors.");
+    goto err;
+  }
   exit_policy_tokens = find_all_exitpolicy(tokens);
   if (!smartlist_len(exit_policy_tokens)) {
     log_warn(LD_DIR, "No exit policy tokens in descriptor.");