Exit policies now reject connections that are addressed to a

relay's public (external) IP address too, unless
ExitPolicyRejectPrivate is turned off. We do this because too
many relays are running nearby to services that trust them based
on network address.


svn:r12459

4 files changed, 15 insertions, 9 deletions

diff --git a/src/or/or.h b/src/or/or.h
index 7479ec9dc..0bded333a 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3356,9 +3356,8 @@ void policies_parse_from_options(or_options_t *options);
 int cmp_addr_policies(addr_policy_t *a, addr_policy_t *b);
 addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
                               uint16_t port, addr_policy_t *policy);
-int policies_parse_exit_policy(config_line_t *cfg,
-                               addr_policy_t **dest,
-                               int rejectprivate);
+int policies_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
+                               int rejectprivate, const char *local_address);
 int exit_policy_is_general_exit(addr_policy_t *policy);
 int policy_is_reject_star(addr_policy_t *policy);
 int getinfo_helper_policies(control_connection_t *conn,
diff --git a/src/or/policies.c b/src/or/policies.c
index 62b98a476..ba3a375a1 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -228,7 +228,7 @@ validate_addr_policies(or_options_t *options, char **msg)
   *msg = NULL;
 
   if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
-                                 options->ExitPolicyRejectPrivate))
+                                 options->ExitPolicyRejectPrivate, NULL))
     REJECT("Error in ExitPolicy entry.");
 
   /* The rest of these calls *append* to addr_policy. So don't actually
@@ -556,10 +556,16 @@ exit_policy_remove_redundancies(addr_policy_t **dest)
  */
 int
 policies_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
-                           int rejectprivate)
+                           int rejectprivate, const char *local_address)
 {
-  if (rejectprivate)
+  if (rejectprivate) {
     append_exit_policy_string(dest, "reject private:*");
+    if (local_address) {
+      char buf[POLICY_BUF_LEN];
+      tor_snprintf(buf, sizeof(buf), "reject %s:*", local_address);
+      append_exit_policy_string(dest, buf);
+    }
+  }
   if (parse_addr_policy(cfg, dest, -1))
     return -1;
   append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
diff --git a/src/or/router.c b/src/or/router.c
index f46adeef1..c1e8b0c92 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1215,7 +1215,8 @@ router_rebuild_descriptor(int force)
   ri->bandwidthcapacity = hibernating ? 0 : rep_hist_bandwidth_assess();
 
   policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
-                             options->ExitPolicyRejectPrivate);
+                             options->ExitPolicyRejectPrivate,
+                             ri->address);
 
   if (desc_routerinfo) { /* inherit values */
     ri->is_valid = desc_routerinfo->is_valid;
diff --git a/src/or/test.c b/src/or/test.c
index bd67f5841..448720ae5 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -2935,7 +2935,7 @@ test_policies(void)
           compare_addr_to_addr_policy(0xc0a80102, 2, policy));
 
   policy2 = NULL;
-  test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1));
+  test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL));
   test_assert(policy2);
 
   test_assert(!exit_policy_is_general_exit(policy));
@@ -2955,7 +2955,7 @@ test_policies(void)
   line.key = (char*)"foo";
   line.value = (char*)"accept *:80,reject private:*,reject *:*";
   line.next = NULL;
-  test_assert(0 == policies_parse_exit_policy(&line, &policy, 0));
+  test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL));
   test_assert(policy);
   test_streq(policy->string, "accept *:80");
   test_streq(policy->next->string, "reject *:*");