Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:8

    1. Only allow '*.' in MapAddress expressions. Ignore '*ample.com' and '.example.com'.
       This has resulted in a slight refactoring of config_register_addressmaps.
    2. Add some more detail to the man page entry for AddressMap.
    3. Fix initialization of a pointer to NULL rather than 0.
    4. Update the unit tests to cater for the changes in 1 and test more explicitly for
       recursive mapping.

3 files changed, 62 insertions, 33 deletions

diff --git a/src/or/config.c b/src/or/config.c
index 1744b84c4..1d42413c1 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -4461,33 +4461,47 @@ config_register_addressmaps(const or_options_t *options)
   for (opt = options->AddressMap; opt; opt = opt->next) {
     smartlist_split_string(elts, opt->value, NULL,
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2);
-    if (smartlist_len(elts) >= 2) {
-      from = smartlist_get(elts,0);
-      to = smartlist_get(elts,1);
-
-      /* Remove leading asterisk in expressions of type: '*.example.com' */
-      if (from[0] == '*' && strlen(from) > 1)
-        from++;
-      if (to[0] == '*' && strlen(to) > 1)
-        to++;
-      if (to[0] == '.' && from[0] != '.') {
-        log_warn(LD_CONFIG,
-                 "Skipping invalid argument '%s' to MapAddress: "
-                 "can only use wildcard (i.e. '.' or '*.') if 'from' address "
-                 "uses wildcard also", to);
-      } else if (address_is_invalid_destination(to, 1)) {
-        log_warn(LD_CONFIG,
-                 "Skipping invalid argument '%s' to MapAddress", to);
-      } else {
-        addressmap_register(from, tor_strdup(to), 0, ADDRMAPSRC_TORRC);
-        if (smartlist_len(elts)>2) {
-          log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
-        }
-      }
-    } else {
+    if (smartlist_len(elts) < 2) {
       log_warn(LD_CONFIG,"MapAddress '%s' has too few arguments. Ignoring.",
                opt->value);
+      goto cleanup;
+    }
+
+    from = smartlist_get(elts,0);
+    to = smartlist_get(elts,1);
+
+    if (to[0] == '.' || from[0] == '.') {
+      log_warn(LD_CONFIG,"MapAddress '%s' is ambiguous - address starts with a"
+              "'.'. Ignoring.",opt->value);
+      goto cleanup;
+    }
+
+    /* Remove leading asterisk in expressions of type: '*.example.com' */
+    if (!strncmp(from,"*.",2))
+      from++;
+    if (!strncmp(to,"*.",2))
+      to++;
+
+    if (to[0] == '.' && from[0] != '.') {
+      log_warn(LD_CONFIG,
+                "Skipping invalid argument '%s' to MapAddress: "
+                "can only use wildcard (i.e. '*.') if 'from' address "
+                "uses wildcard also", to);
+      goto cleanup;
+    }
+
+    if (address_is_invalid_destination(to, 1)) {
+      log_warn(LD_CONFIG,
+                "Skipping invalid argument '%s' to MapAddress", to);
+      goto cleanup;
     }
+
+    addressmap_register(from, tor_strdup(to), 0, ADDRMAPSRC_TORRC);
+
+    if (smartlist_len(elts) > 2)
+      log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
+
+  cleanup:
     SMARTLIST_FOREACH(elts, char*, cp, tor_free(cp));
     smartlist_clear(elts);
   }
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 2c8c9da25..284b32045 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1052,7 +1052,7 @@ addressmap_match_superdomains(char *address)
   const char *key;
   void *_val;
   addressmap_entry_t *val;
-  char *matched_domains = 0;
+  char *matched_domains = NULL;
 
   for (iter = strmap_iter_init(addressmap); !strmap_iter_done(iter); ) {
     strmap_iter_get(iter, &key, &_val);
diff --git a/src/test/test_config.c b/src/test/test_config.c
index a7b5d03a0..8880bd07f 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -15,9 +15,11 @@ test_config_addressmap(void)
   char buf[1024];
   char address[256];
   time_t expires = TIME_MAX;
-  strlcpy(buf, "MapAddress .google.com .torserver.exit\n"
+  strlcpy(buf, "MapAddress .invalidwildcard.com *.torserver.exit\n" // invalid
+          "MapAddress *invalidasterisk.com *.torserver.exit\n" // invalid
+          "MapAddress *.google.com *.torserver.exit\n"
           "MapAddress *.yahoo.com *.google.com.torserver.exit\n"
-          "MapAddress .cn.com www.cnn.com\n"
+          "MapAddress *.cn.com www.cnn.com\n"
           "MapAddress *.cnn.com www.cnn.com\n"
           "MapAddress ex.com www.cnn.com\n"
           "MapAddress ey.com *.cnn.com\n"
@@ -27,6 +29,7 @@ test_config_addressmap(void)
           "MapAddress test.torproject.org 2.2.2.2\n"
           "MapAddress www.google.com 3.3.3.3\n"
           "MapAddress www.example.org 4.4.4.4\n"
+          "MapAddress 4.4.4.4 7.7.7.7\n"
           "MapAddress 4.4.4.4 5.5.5.5\n"
           "MapAddress www.infiniteloop.org 6.6.6.6\n"
           "MapAddress 6.6.6.6 www.infiniteloop.org\n"
@@ -35,6 +38,14 @@ test_config_addressmap(void)
   config_get_lines(buf, &(get_options()->AddressMap));
   config_register_addressmaps(get_options());
 
+  /* MapAddress .invalidwildcard.com .torserver.exit  - no match */
+  strlcpy(address, "www.invalidwildcard.com", sizeof(address));
+  test_assert(!addressmap_rewrite(address, sizeof(address), &expires));
+
+  /* MapAddress *invalidasterisk.com .torserver.exit  - no match */
+  strlcpy(address, "www.invalidasterisk.com", sizeof(address));
+  test_assert(!addressmap_rewrite(address, sizeof(address), &expires));
+
   /* Where no mapping for FQDN match on top-level domain */
   /* MapAddress .google.com .torserver.exit */
   strlcpy(address, "reader.google.com", sizeof(address));
@@ -81,7 +92,11 @@ test_config_addressmap(void)
   test_assert(addressmap_rewrite(address, sizeof(address), &expires));
   test_streq(address, "2.2.2.2");
 
-  /* Test a chain of address mappings */
+  /* Test a chain of address mappings and the order in which they were added:
+          "MapAddress www.example.org 4.4.4.4"
+          "MapAddress 4.4.4.4 7.7.7.7"
+          "MapAddress 4.4.4.4 5.5.5.5"
+  */
   strlcpy(address, "www.example.org", sizeof(address));
   test_assert(addressmap_rewrite(address, sizeof(address), &expires));
   test_streq(address, "5.5.5.5");
@@ -97,9 +112,9 @@ test_config_addressmap(void)
 
   /* Test top-level-domain matching a bit harder */
   addressmap_clear_configured();
-  strlcpy(buf, "MapAddress .com .torserver.exit\n"
-          "MapAddress .torproject.org 1.1.1.1\n"
-          "MapAddress .net 2.2.2.2\n"
+  strlcpy(buf, "MapAddress *.com *.torserver.exit\n"
+          "MapAddress *.torproject.org 1.1.1.1\n"
+          "MapAddress *.net 2.2.2.2\n"
           , sizeof(buf));
   config_get_lines(buf, &(get_options()->AddressMap));
   config_register_addressmaps(get_options());
@@ -124,9 +139,9 @@ test_config_addressmap(void)
   test_assert(addressmap_rewrite(address, sizeof(address), &expires));
   test_streq(address, "2.2.2.2");
 
-  /* We don't support '.' as a mapping directive */
+  /* We don't support '*' as a mapping directive */
   addressmap_clear_configured();
-  strlcpy(buf, "MapAddress . .torserver.exit\n", sizeof(buf));
+  strlcpy(buf, "MapAddress * *.torserver.exit\n", sizeof(buf));
   config_get_lines(buf, &(get_options()->AddressMap));
   config_register_addressmaps(get_options());