From: Roger Dingledine <arma@torproject.org>
Date: Fri, 6 Aug 2004 09:56:36 +0000 (+0000)
Subject: fix an assert: check the sockspolicy before we make/add the connection,
X-Git-Tag: tor-0.0.8pre3~59
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=276d953b2215505cd538a2e00f8b3dc6672f783a;p=thirdparty%2Ftor.git

fix an assert: check the sockspolicy before we make/add the connection,
else we close a connection without assigning it a state, which is bad
because it fails assert_conn_ok()


svn:r2156
---

diff --git a/src/or/connection.c b/src/or/connection.c
index 7cbdff9553..0d9eb627c4 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -412,6 +412,17 @@ static int connection_handle_listener_read(connection_t *conn, int new_type) {
 
   set_socket_nonblocking(news);
 
+  /* process entrance policies here, before we even create the connection */
+  if(new_type == CONN_TYPE_AP) {
+    /* check sockspolicy to see if we should accept it */
+    if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
+      log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.",
+             inet_ntoa(remote.sin_addr));
+      tor_close_socket(news);
+      return 0;
+    }
+  }
+
   newconn = connection_new(new_type);
   newconn->s = news;
 
@@ -442,11 +453,6 @@ static int connection_init_accepted_conn(connection_t *conn) {
     case CONN_TYPE_OR:
       return connection_tls_start_handshake(conn, 1);
     case CONN_TYPE_AP:
-      /* check sockspolicy to see if we should accept it */
-      if(socks_policy_permits_address(conn->addr) == 0) {
-        log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address);
-        return -1;
-      }
       conn->state = AP_CONN_STATE_SOCKS_WAIT;
       break;
     case CONN_TYPE_DIR: