From: Nick Mathewson Date: Wed, 3 Feb 2010 20:59:15 +0000 (-0500) Subject: When we've disabled .exit hostnames, actually reject them. X-Git-Tag: tor-0.2.2.9-alpha~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d5d4f9f0385a8594bf363bee2392e8b055499fb;p=thirdparty%2Ftor.git When we've disabled .exit hostnames, actually reject them. Previously we were treating them as decent hostnames and sending them to the exit, which is completely wrong. --- diff --git a/ChangeLog b/ChangeLog index 2cf77765e0..053ea660b4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ Changes in version 0.2.2.9-alpha - 2010-??-?? when it updates its libraries in a security patch. - Fix static compilation by listing the openssl libraries in the right order. Fixes bug 1237. + - Actually reject .exit hostnames when we're supposed to be rejecting + them; do not pass them on to the exit server. Bugfix on 0.2.2.7-alpha; + found and diagnosed by Scott Bennett and Downie on or-talk. o Code simplifications and refactoring: - Generate our manpage and HTML documentation using Asciidoc. This diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index d7e8394614..8447853fc1 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2935,10 +2935,12 @@ parse_extended_hostname(char *address, int allowdotexit) if (allowdotexit) { *s = 0; /* NUL-terminate it */ return EXIT_HOSTNAME; /* .exit */ - } /* else */ - log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to " - "security risks. Set AllowDotExit in your torrc to enable it."); - /* FFFF send a controller event too to notify Vidalia users */ + } else { + log_warn(LD_APP, "The \".exit\" notation is disabled in Tor due to " + "security risks. Set AllowDotExit in your torrc to enable it."); + /* FFFF send a controller event too to notify Vidalia users */ + return BAD_HOSTNAME; + } } if (strcmp(s+1,"onion")) return NORMAL_HOSTNAME; /* neither .exit nor .onion, thus normal */
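Review bot: The new ChangeLog entry does not name the AllowDotExit option, so a user whose .exit requests start failing cannot tell from the entry which setting governs the behaviour. The warning string in connection_edge.c already mentions the option, and the entry could end with "unless AllowDotExit is set". Unlike the neighbouring entry ("Fixes bug 1237"), it also carries no tracker reference; add one if a ticket exists.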
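Review bot: In the connection_edge.c hunk, the new else branch of parse_extended_hostname() calls log_warn unconditionally before `return BAD_HOSTNAME;`, so every rejected .exit request writes a warning, and the requesting application controls how often that happens; consider rate-limiting the message. The patch adds no test for the allowdotexit == 0 path: a case asserting that an address ending in ".exit" yields BAD_HOSTNAME, rather than falling through to the `strcmp(s+1,"onion")` check and returning NORMAL_HOSTNAME, would guard against the regression the commit message describes. If the function has a header comment listing its return values, it should state that BAD_HOSTNAME is now returned for .exit names when allowdotexit is 0.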