Warn when comparing against an AF_UNSPEC address in a policy
authorteor (Tim Wilson-Brown) <teor2345@gmail.com>
Tue, 15 Dec 2015 21:47:47 +0000 (08:47 +1100)
committerteor (Tim Wilson-Brown) <teor2345@gmail.com>
Tue, 15 Dec 2015 21:51:59 +0000 (08:51 +1100)
It produces unexpected results, and it's most likely a bug.

changes/feature17863 [new file with mode: 0644]
src/or/policies.c

diff --git a/changes/feature17863 b/changes/feature17863
new file mode 100644 (file)
index 0000000..86c4e2c
--- /dev/null
@@ -0,0 +1,6 @@
+  o Minor feature (IPv6):
+    - Add address policy assume_action support for IPv6 addresses.
+    - Limit IPv6 mask bits to 128.
+    - Warn when comparing against an AF_UNSPEC address in a policy,
+      it's almost always a bug.
+      Closes ticket 17863; patch by "teor".
index 32a7ec2da48043f2c225898e7916623e252d04f9..c9bce1b23495172822083b600a139de38998dcd2 100644 (file)
@@ -696,6 +696,10 @@ compare_known_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
   /* We know the address and port, and we know the policy, so we can just
    * compute an exact match. */
   SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+    if (tmpe->addr.family == AF_UNSPEC) {
+      log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+               "matches other AF_UNSPEC addresses.");
+    }
     /* Address is known */
     if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
                                  CMP_EXACT)) {
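Review bot: The added `log_warn` sits inside `SMARTLIST_FOREACH_BEGIN` with no rate limit, so a single AF_UNSPEC entry emits a warning on every policy comparison that walks past it. The same three lines are repeated in the hunks for compare_known_tor_addr_to_addr_policy_noport and compare_unknown_tor_addr_to_addr_policy. How often these functions run is not visible here, but if they are called per connection or per stream decision, the log can fill with identical LD_BUG lines and bury other warnings. I would fold the check into one static helper that uses a rate-limited log call and call it from all three loops; reporting such entries where the policy is built would leave the comparison loops as a cheap backstop. The loop body continues outside this hunk.

```c
/* Warn, at most once per interval, about a policy entry whose address
 * family is AF_UNSPEC. The interval below is a constructed sample value. */
static void
warn_if_unspec_policy_entry(const addr_policy_t *ent)
{
  static ratelim_t unspec_warning_limit = RATELIM_INIT(3600);
  if (ent->addr.family == AF_UNSPEC) {
    log_fn_ratelim(&unspec_warning_limit, LOG_WARN, LD_BUG,
                   "Policy contains an AF_UNSPEC address, which only "
                   "matches other AF_UNSPEC addresses.");
  }
}

  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
    warn_if_unspec_policy_entry(tmpe);
    /* … unchanged: masked address comparison and port checks … */
```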
@@ -723,6 +727,10 @@ compare_known_tor_addr_to_addr_policy_noport(const tor_addr_t *addr,
   int maybe_accept = 0, maybe_reject = 0;
 
   SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+    if (tmpe->addr.family == AF_UNSPEC) {
+      log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+               "matches other AF_UNSPEC addresses.");
+    }
     if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
                                  CMP_EXACT)) {
       if (tmpe->prt_min <= 1 && tmpe->prt_max >= 65535) {
@@ -762,6 +770,10 @@ compare_unknown_tor_addr_to_addr_policy(uint16_t port,
   int maybe_accept = 0, maybe_reject = 0;
 
   SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+    if (tmpe->addr.family == AF_UNSPEC) {
+      log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+               "matches other AF_UNSPEC addresses.");
+    }
     if (tmpe->prt_min <= port && port <= tmpe->prt_max) {
       if (tmpe->maskbits == 0) {
         /* Definitely matches, since it covers all addresses. */
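Review bot: The AF_UNSPEC entry is still evaluated after the warning, and in this function the entry's address is never compared. The visible `tmpe->maskbits == 0` branch treats any entry whose port range covers `port` as covering all addresses, so an AF_UNSPEC entry with zero mask bits can count as a definite match here, which contradicts the message's claim that it only matches other AF_UNSPEC addresses. The known-address functions behave differently, so the same policy can be decided differently depending on the path taken. If such entries should never influence a decision, add `continue;` after the `log_warn` in all three loops. Otherwise add a comment such as `/* Still evaluated below: with maskbits == 0 this entry matches any unknown address. */`. Which is right depends on how AF_UNSPEC entries get into a policy, and that is not visible in this hunk; the function body continues past it.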