authorNick Mathewson <nickm@torproject.org>2012-03-28 03:19:00 -0400
committerNick Mathewson <nickm@torproject.org>2012-03-28 03:19:00 -0400
commit433d7578465e04484d537810096512b5cc61246f (patch)
treede201fe472549b9497894033660f979a0b80bd94
parent70c17134c79d9de05408748329c0918158d7deb0 (diff)
downloadtor-433d7578465e04484d537810096512b5cc61246f.tar
tor-433d7578465e04484d537810096512b5cc61246f.tar.gz
Reject SOCKS requests for "localhost" or ".local"
Sending them on is futile, since we will be told "127.0.0.1" and then think we've been lied to. Partial fix for 2822.
-rw-r--r--changes/bug2822.26
-rw-r--r--src/common/address.c9
-rw-r--r--src/common/address.h2
-rw-r--r--src/or/connection_edge.c5
4 files changed, 20 insertions, 2 deletions
diff --git a/changes/bug2822.2 b/changes/bug2822.2
new file mode 100644
index 000000000..373741ca7
--- /dev/null
+++ b/changes/bug2822.2
@@ -0,0 +1,6 @@
+ o Minor features:
+
+ - Don't bother trying to connect to addresses that we are sure will
+ resolve to 127.0.0.1: Getting 127.0.0.1 in a reply makes us think
+ we have been lied to, even when the address the client tried to
+ connect to was "localhost." Partial fix for bug 2822.
diff --git a/src/common/address.c b/src/common/address.c
index 676c48589..e379464eb 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1682,3 +1682,12 @@ get_interface_address(int severity, uint32_t *addr)
return r;
}
+/** Return true if we can tell that <b>name</b> is a canonical name for the
+ * loopback address. */
+int
+tor_addr_hostname_is_local(const char *name)
+{
+ return !strcasecmp(name, "localhost") ||
+ !strcasecmp(name, "local") ||
+ !strcasecmpend(name, ".local");
+}
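Review bot: The new `tor_addr_hostname_is_local` compares the raw string, so the fully-qualified spellings with a trailing dot (`localhost.`, `foo.local.`) are not recognized even though a resolver treats them the same way, and the guard added in connection_edge.c would pass them on. Stripping one trailing `.` before the comparisons closes that gap; the rewrite below does it with a length-limited compare in place of `strcasecmp`/`strcasecmpend` and keeps the three accepted forms unchanged. `name` is also dereferenced unconditionally, which is fine as long as every caller passes a non-NULL buffer — the only caller in this commit passes `socks->address`, which appears to be a fixed array, but the doc comment should state the requirement: `/** Return true if we can tell that <b>name</b> (which must be non-NULL) is a canonical name for the loopback address. */`.
```c
int
tor_addr_hostname_is_local(const char *name)
{
  size_t len = strlen(name);
  /* Also accept the fully-qualified spelling ("localhost."). */
  if (len && name[len - 1] == '.')
    --len;
  return (len == 9 && !strncasecmp(name, "localhost", 9)) ||
         (len == 5 && !strncasecmp(name, "local", 5)) ||
         (len >= 6 && !strncasecmp(name + len - 6, ".local", 6));
}
```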
diff --git a/src/common/address.h b/src/common/address.h
index 4568c32bf..125fd3818 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -191,6 +191,8 @@ int tor_addr_is_loopback(const tor_addr_t *addr);
int tor_addr_port_split(int severity, const char *addrport,
char **address_out, uint16_t *port_out);
+int tor_addr_hostname_is_local(const char *name);
+
/* IPv4 helpers */
int is_internal_IP(uint32_t ip, int for_listening);
int addr_port_lookup(int severity, const char *addrport, char **address,
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index e19d7f077..fb09281fe 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2000,8 +2000,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
if (options->ClientRejectInternalAddresses &&
!conn->use_begindir && !conn->chosen_exit_name && !circ) {
tor_addr_t addr;
- if (tor_addr_parse(&addr, socks->address) >= 0 &&
- tor_addr_is_internal(&addr, 0)) {
+ if (tor_addr_hostname_is_local(socks->address) ||
+ (tor_addr_parse(&addr, socks->address) >= 0 &&
+ tor_addr_is_internal(&addr, 0))) {
/* If this is an explicit private address with no chosen exit node,
* then we really don't want to try to connect to it. That's
* probably an error. */
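Review bot: The comment on the three context lines at the end of the hunk still describes the rejected case as an explicit private address, but the new first operand `tor_addr_hostname_is_local(socks->address)` also rejects unresolved names such as `localhost` and anything under `.local`, so the comment no longer covers what the branch does; change it to `/* If this is an explicit private address, or a hostname we know resolves to one, and no exit node was chosen, then we really don't want to try to connect to it. That's probably an error. */`. The rest of the branch (the log message and the close) lies outside the hunk, and connection_ap_handshake_rewrite_and_attach continues on both sides of it; if the warning it emits also says "private address", it should be reworded the same way so operators reading the log understand why a name was refused.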