Don't do a DNS lookup on a bridge line address

Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.

diff --git a/changes/bug10801 b/changes/bug10801
new file mode 100644 (file)
index 0000000..201bbea
--- /dev/null
+++ b/changes/bug10801
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Stop accepting bridge lines containing hostnames. Doing so allowed
+      clients to perform DNS requests on the hostnames, which was not
+      sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.

diff --git a/src/common/address.c b/src/common/address.c
index 14a7b6bc96ad7124a266b6f74d585fc3a4821838..3e898611dec73d72df449d06efb753ffa2dd79cb 100644 (file)
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1439,12 +1439,16 @@ is_internal_IP(uint32_t ip, int for_listening)
  * to the port.
  *
  * Don't do DNS lookups and don't allow domain names in the <ip> field.
- * Don't accept <b>addrport</b> of the form "<ip>" or "<ip>:0".
+ *
+ * If <b>default_port</b> is less than 0, don't accept <b>addrport</b> of the
+ * form "<ip>" or "<ip>:0".  Otherwise, accept those forms, and set
+ * *<b>port_out</b> to <b>default_port</b>.
  *
  * Return 0 on success, -1 on failure. */
 int
 tor_addr_port_parse(int severity, const char *addrport,
-                    tor_addr_t *address_out, uint16_t *port_out)
+                    tor_addr_t *address_out, uint16_t *port_out,
+                    int default_port)
 {
   int retval = -1;
   int r;
@@ -1458,8 +1462,12 @@ tor_addr_port_parse(int severity, const char *addrport,
   if (r < 0)
     goto done;
 
-  if (!*port_out)
-    goto done;
+  if (!*port_out) {
+    if (default_port >= 0)
+      *port_out = default_port;
+    else
+      goto done;
+  }
 
   /* make sure that address_out is an IP address */
   if (tor_addr_parse(address_out, addr_tmp) < 0)

diff --git a/src/common/address.h b/src/common/address.h
index 77e585534635133ff9a21e24b0e9c59b0b0888db..7afcb0d9257b3e726e96b8dd1719f184ed43ad7e 100644 (file)
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -209,7 +209,8 @@ int tor_addr_port_split(int severity, const char *addrport,
                         char **address_out, uint16_t *port_out);
 
 int tor_addr_port_parse(int severity, const char *addrport,
-                        tor_addr_t *address_out, uint16_t *port_out);
+                        tor_addr_t *address_out, uint16_t *port_out,
+                        int default_port);
 
 int tor_addr_hostname_is_local(const char *name);
 

diff --git a/src/or/config.c b/src/or/config.c
index ef0294626782cc487cad2e842873551c3c2acb7e..fc959f7c3f2492f8c3a8cbc39558d1119c9bdef2 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -4169,16 +4169,10 @@ parse_bridge_line(const char *line, int validate_only)
     addrport = field1;
   }
 
-  if (tor_addr_port_lookup(addrport, &addr, &port)<0) {
+  if (tor_addr_port_parse(LOG_INFO, addrport, &addr, &port, 443)<0) {
     log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
     goto err;
   }
-  if (!port) {
-    log_info(LD_CONFIG,
-             "Bridge address '%s' has no port; using default port 443.",
-             addrport);
-    port = 443;
-  }
 
   if (smartlist_len(items)) {
     fingerprint = smartlist_join_strings(items, "", 0, NULL);
@@ -4384,7 +4378,7 @@ get_bindaddr_from_transport_listen_line(const char *line,const char *transport)
     goto err;
 
   /* Validate addrport */
-  if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port)<0) {
+  if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port, -1)<0) {
     log_warn(LD_CONFIG, "Error parsing ServerTransportListenAddr "
              "address '%s'", addrport);
     goto err;

diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index fec85a4696497c4a1e8e03c89866fac6edaf2cbf..5452ee9070b0d328ec853aa858c9c897fcfb0ab0 100644 (file)
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -735,7 +735,7 @@ test_addr_parse(void)
   /* Correct call. */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.1:1234",
-                         &addr, &port);
+                         &addr, &port, -1);
   test_assert(r == 0);
   tor_addr_to_str(buf, &addr, sizeof(buf), 0);
   test_streq(buf, "192.0.2.1");
@@ -744,31 +744,45 @@ test_addr_parse(void)
   /* Domain name. */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "torproject.org:1234",
-                         &addr, &port);
+                         &addr, &port, -1);
   test_assert(r == -1);
 
   /* Only IP. */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.2",
-                         &addr, &port);
+                         &addr, &port, -1);
   test_assert(r == -1);
 
+  r= tor_addr_port_parse(LOG_DEBUG,
+                         "192.0.2.2",
+                         &addr, &port, 200);
+  test_assert(r == 0);
+  tt_int_op(port,==,200);
+
   /* Bad port. */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2.2:66666",
-                         &addr, &port);
+                         &addr, &port, -1);
+  test_assert(r == -1);
+  r= tor_addr_port_parse(LOG_DEBUG,
+                         "192.0.2.2:66666",
+                         &addr, &port, 200);
   test_assert(r == -1);
 
   /* Only domain name */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "torproject.org",
-                         &addr, &port);
+                         &addr, &port, -1);
+  test_assert(r == -1);
+  r= tor_addr_port_parse(LOG_DEBUG,
+                         "torproject.org",
+                         &addr, &port, 200);
   test_assert(r == -1);
 
   /* Bad IP address */
   r= tor_addr_port_parse(LOG_DEBUG,
                          "192.0.2:1234",
-                         &addr, &port);
+                         &addr, &port, -1);
   test_assert(r == -1);
 
  done: