Reject SOCKS requests for "localhost" or ".local"

Sending them on is futile, since we will be told "127.0.0.1" and then
think we've been lied to.  Partial fix for 2822.

2 files changed, 11 insertions, 0 deletions

diff --git a/src/common/address.c b/src/common/address.c
index 676c48589..e379464eb 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1682,3 +1682,12 @@ get_interface_address(int severity, uint32_t *addr)
   return r;
 }
 
+/** Return true if we can tell that <b>name</b> is a canonical name for the
+ * loopback address. */
+int
+tor_addr_hostname_is_local(const char *name)
+{
+  return !strcasecmp(name, "localhost") ||
+    !strcasecmp(name, "local") ||
+    !strcasecmpend(name, ".local");
+}
diff --git a/src/common/address.h b/src/common/address.h
index 4568c32bf..125fd3818 100644
--- a/src/common/address.h
+++ b/src/common/address.h
@@ -191,6 +191,8 @@ int tor_addr_is_loopback(const tor_addr_t *addr);
 int tor_addr_port_split(int severity, const char *addrport,
                         char **address_out, uint16_t *port_out);
 
+int tor_addr_hostname_is_local(const char *name);
+
 /* IPv4 helpers */
 int is_internal_IP(uint32_t ip, int for_listening);
 int addr_port_lookup(int severity, const char *addrport, char **address,