fix an assert: check the sockspolicy before we make/add the connection,

else we close a connection without assigning it a state, which is bad
because it fails assert_conn_ok()


svn:r2156

1 files changed, 11 insertions, 5 deletions

diff --git a/src/or/connection.c b/src/or/connection.c
index 7cbdff955..0d9eb627c 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -412,6 +412,17 @@ static int connection_handle_listener_read(connection_t *conn, int new_type) {
 
   set_socket_nonblocking(news);
 
+  /* process entrance policies here, before we even create the connection */
+  if(new_type == CONN_TYPE_AP) {
+    /* check sockspolicy to see if we should accept it */
+    if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
+      log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.",
+             inet_ntoa(remote.sin_addr));
+      tor_close_socket(news);
+      return 0;
+    }
+  }
+
   newconn = connection_new(new_type);
   newconn->s = news;
 
@@ -442,11 +453,6 @@ static int connection_init_accepted_conn(connection_t *conn) {
     case CONN_TYPE_OR:
       return connection_tls_start_handshake(conn, 1);
     case CONN_TYPE_AP:
-      /* check sockspolicy to see if we should accept it */
-      if(socks_policy_permits_address(conn->addr) == 0) {
-        log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address);
-        return -1;
-      }
       conn->state = AP_CONN_STATE_SOCKS_WAIT;
       break;
     case CONN_TYPE_DIR: