authorNick Mathewson <nickm@torproject.org>2014-04-05 14:50:57 -0400
committerNick Mathewson <nickm@torproject.org>2014-04-05 14:50:57 -0400
commit2ff664ee20836ecd7b9e3e9a368766b4125f21a8 (patch)
tree133a7545437891761e64c4df8f3ae8d9980ac9a6
parentd290e36576c07b288a6347385d144a493869bd97 (diff)
parentb3469e4207d12821993f1d2d381c5d27918a4c01 (diff)
Merge remote-tracking branch 'public/bug10801_024'
Conflicts: src/common/address.c src/or/config.c
-rw-r--r--changes/bug108014
-rw-r--r--src/common/address.c25
-rw-r--r--src/common/address.h3
-rw-r--r--src/or/config.c13
-rw-r--r--src/test/test_addr.c59
5 files changed, 83 insertions, 21 deletions
diff --git a/changes/bug10801 b/changes/bug10801
new file mode 100644
index 000000000..201bbeab1
--- /dev/null
+++ b/changes/bug10801
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Stop accepting bridge lines containing hostnames. Doing so allowed
+ clients to perform DNS requests on the hostnames, which was not
+ sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
diff --git a/src/common/address.c b/src/common/address.c
index cc3e31f65..e5930dedc 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1451,12 +1451,16 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
* to the port.
*
* Don't do DNS lookups and don't allow domain names in the "ip" field.
- * Don't accept <b>addrport</b> of the form "ip" or "ip:0".
+ *
+ * If <b>default_port</b> is less than 0, don't accept <b>addrport</b> of the
+ * form "ip" or "ip:0". Otherwise, accept those forms, and set
+ * *<b>port_out</b> to <b>default_port</b>.
*
* Return 0 on success, -1 on failure. */
int
tor_addr_port_parse(int severity, const char *addrport,
- tor_addr_t *address_out, uint16_t *port_out)
+ tor_addr_t *address_out, uint16_t *port_out,
+ int default_port)
{
int retval = -1;
int r;
@@ -1470,8 +1474,12 @@ tor_addr_port_parse(int severity, const char *addrport,
if (r < 0)
goto done;
- if (!*port_out)
- goto done;
+ if (!*port_out) {
+ if (default_port >= 0)
+ *port_out = default_port;
+ else
+ goto done;
+ }
/* make sure that address_out is an IP address */
if (tor_addr_parse(address_out, addr_tmp) < 0)
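Review bot: `*port_out = default_port;` narrows an `int` into a `uint16_t` with no range check, so a `default_port` above 65535 would be stored as a wrapped value and still return success, and `default_port == 0` returns success with port 0. The two callers visible in this commit pass the constants 443 and -1, so this is latent rather than reachable today, but the contract is cheap to enforce with `tor_assert(default_port <= 65535);` at the top of the function and an explicit `*port_out = (uint16_t)default_port;` at the assignment. The doc comment in the previous hunk should also state the accepted range, e.g. "<b>default_port</b> must be -1 or in 1..65535". The body of tor_addr_port_parse starts and ends outside this hunk.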
@@ -1492,9 +1500,18 @@ int
tor_addr_port_split(int severity, const char *addrport,
char **address_out, uint16_t *port_out)
{
+ tor_addr_t a_tmp;
tor_assert(addrport);
tor_assert(address_out);
tor_assert(port_out);
+ /* We need to check for IPv6 manually because addr_port_lookup() doesn't
+ * do a good job on IPv6 addresses that lack a port. */
+ if (tor_addr_parse(&a_tmp, addrport) == AF_INET6) {
+ *port_out = 0;
+ *address_out = tor_strdup(addrport);
+ return 0;
+ }
+
return addr_port_lookup(severity, addrport, address_out, NULL, port_out);
}
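Review bot: The new IPv6 shortcut hands back `addrport` verbatim, so a bracketed input such as "[::1]" reaches the caller in `*address_out` with its brackets and `*port_out` set to 0, and the function's doc comment (outside this hunk) does not say so. A string like "::1:1234" is itself a valid IPv6 literal, so it will presumably be taken as a bare address rather than address plus port; that ambiguity deserves a sentence too. I would add to the header comment something like `If addrport is a bare IPv6 address, bracketed or not, copy it unchanged into *address_out and set *port_out to 0.` Whether addr_port_lookup() strips brackets on its own path is not visible here, so callers may need to handle both forms.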
diff --git a/src/common/address.h b/src/common/address.h
index 61de3d2d9..8dc63b71c 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -210,7 +210,8 @@ int tor_addr_port_split(int severity, const char *addrport,
char **address_out, uint16_t *port_out);
int tor_addr_port_parse(int severity, const char *addrport,
- tor_addr_t *address_out, uint16_t *port_out);
+ tor_addr_t *address_out, uint16_t *port_out,
+ int default_port);
int tor_addr_hostname_is_local(const char *name);
diff --git a/src/or/config.c b/src/or/config.c
index 4a6b30172..dbf643c53 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -4535,18 +4535,11 @@ parse_bridge_line(const char *line)
addrport = field;
}
- /* Parse addrport. */
- if (tor_addr_port_lookup(addrport,
- &bridge_line->addr, &bridge_line->port)<0) {
+ if (tor_addr_port_parse(LOG_INFO, addrport,
+ &bridge_line->addr, &bridge_line->port, 443)<0) {
log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
goto err;
}
- if (!bridge_line->port) {
- log_info(LD_CONFIG,
- "Bridge address '%s' has no port; using default port 443.",
- addrport);
- bridge_line->port = 443;
- }
/* If transports are enabled, next field could be a fingerprint or a
socks argument. If transports are disabled, next field must be
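Review bot: After this change the only default-visible message for a rejected hostname bridge line is the generic `log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);`, because the parser is called with `LOG_INFO` and its specific reason is logged below the usual threshold. An operator whose torrc worked before gets no hint that hostnames are no longer accepted; either pass `LOG_WARN` as the severity, as the ServerTransportListenAddr caller does, or extend the warning text to say an IP address is required. The removed `log_info` about falling back to port 443 is also gone, so the default is now applied silently. Since the point of the commit is to keep bridge lines from triggering DNS lookups, a comment above the call such as `/* Bridge addresses must be IP literals: never resolve them here. A missing port defaults to 443. */` would guard against someone restoring tor_addr_port_lookup later. parse_bridge_line continues outside this hunk.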
@@ -4797,7 +4790,7 @@ get_bindaddr_from_transport_listen_line(const char *line,const char *transport)
goto err;
/* Validate addrport */
- if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port)<0) {
+ if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port, -1)<0) {
log_warn(LD_CONFIG, "Error parsing ServerTransportListenAddr "
"address '%s'", addrport);
goto err;
diff --git a/src/test/test_addr.c b/src/test/test_addr.c
index 1c2a90e1e..eb25e0b48 100644
--- a/src/test/test_addr.c
+++ b/src/test/test_addr.c
@@ -743,42 +743,89 @@ test_addr_parse(void)
/* Correct call. */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.1:1234",
- &addr, &port);
+ &addr, &port, -1);
test_assert(r == 0);
tor_addr_to_str(buf, &addr, sizeof(buf), 0);
test_streq(buf, "192.0.2.1");
test_eq(port, 1234);
+ r= tor_addr_port_parse(LOG_DEBUG,
+ "[::1]:1234",
+ &addr, &port, -1);
+ test_assert(r == 0);
+ tor_addr_to_str(buf, &addr, sizeof(buf), 0);
+ test_streq(buf, "::1");
+ test_eq(port, 1234);
+
/* Domain name. */
r= tor_addr_port_parse(LOG_DEBUG,
"torproject.org:1234",
- &addr, &port);
+ &addr, &port, -1);
test_assert(r == -1);
/* Only IP. */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2",
- &addr, &port);
+ &addr, &port, -1);
+ test_assert(r == -1);
+
+ r= tor_addr_port_parse(LOG_DEBUG,
+ "192.0.2.2",
+ &addr, &port, 200);
+ test_assert(r == 0);
+ tt_int_op(port,==,200);
+
+ r= tor_addr_port_parse(LOG_DEBUG,
+ "[::1]",
+ &addr, &port, -1);
test_assert(r == -1);
+ r= tor_addr_port_parse(LOG_DEBUG,
+ "[::1]",
+ &addr, &port, 400);
+ test_assert(r == 0);
+ tt_int_op(port,==,400);
+
/* Bad port. */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2.2:66666",
- &addr, &port);
+ &addr, &port, -1);
+ test_assert(r == -1);
+ r= tor_addr_port_parse(LOG_DEBUG,
+ "192.0.2.2:66666",
+ &addr, &port, 200);
test_assert(r == -1);
/* Only domain name */
r= tor_addr_port_parse(LOG_DEBUG,
"torproject.org",
- &addr, &port);
+ &addr, &port, -1);
+ test_assert(r == -1);
+ r= tor_addr_port_parse(LOG_DEBUG,
+ "torproject.org",
+ &addr, &port, 200);
test_assert(r == -1);
/* Bad IP address */
r= tor_addr_port_parse(LOG_DEBUG,
"192.0.2:1234",
- &addr, &port);
+ &addr, &port, -1);
test_assert(r == -1);
+ /* Make sure that the default port has lower priority than the real
+ one */
+ r= tor_addr_port_parse(LOG_DEBUG,
+ "192.0.2.2:1337",
+ &addr, &port, 200);
+ test_assert(r == 0);
+ tt_int_op(port,==,1337);
+
+ r= tor_addr_port_parse(LOG_DEBUG,
+ "[::1]:1369",
+ &addr, &port, 200);
+ test_assert(r == 0);
+ tt_int_op(port,==,1369);
+
done:
;
}
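Review bot: The doc comment in address.c promises specific behaviour for the "ip:0" form (rejected when `default_port` is negative, replaced by the default otherwise), but no case here exercises an explicit port of 0 in either mode, so that part of the contract is unverified. I would add a pair of calls with `"192.0.2.2:0"`, one with `-1` and one with `200`, and assert whatever the implementation is meant to do; if the underlying lookup already rejects port 0, the doc comment should be corrected instead. The new default-port cases also check only `port`: adding `tor_addr_to_str(buf, &addr, sizeof(buf), 0);` and a `test_streq` on the result after the `"[::1]"` / `400` case would confirm that the bracketed address was parsed into `addr` and not just the port filled in.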