From 3a4b24c3aba56475822ad94d268b48fd58b74645 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Sat, 16 Nov 2013 18:29:54 +0200 Subject: Removing is_internal_IP() function. Resolves ticket 4645. --- src/common/address.c | 13 ------------- src/common/address.h | 1 - src/or/config.c | 15 +++++++++++---- src/or/directory.c | 15 +++++++++++++-- src/or/dirserv.c | 7 ++++++- src/test/test_addr.c | 1 - 6 files changed, 30 insertions(+), 22 deletions(-) (limited to 'src') diff --git a/src/common/address.c b/src/common/address.c index b9f2d9315..0b5bb2280 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -1421,19 +1421,6 @@ get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr) * XXXX024 IPv6 deprecate some of these. */ -/** Return true iff ip (in host order) is an IP reserved to localhost, - * or reserved for local networks by RFC 1918. - */ -int -is_internal_IP(uint32_t ip, int for_listening) -{ - tor_addr_t myaddr; - myaddr.family = AF_INET; - myaddr.addr.in_addr.s_addr = htonl(ip); - - return tor_addr_is_internal(&myaddr, for_listening); -} - /** Given an address of the form "ip:port", try to divide it into its * ip and port portions, setting *address_out to a newly * allocated string holding the address portion and *port_out diff --git a/src/common/address.h b/src/common/address.h index 77e585534..bdca1f294 100644 --- a/src/common/address.h +++ b/src/common/address.h @@ -214,7 +214,6 @@ int tor_addr_port_parse(int severity, const char *addrport, int tor_addr_hostname_is_local(const char *name); /* IPv4 helpers */ -int is_internal_IP(uint32_t ip, int for_listening); int addr_port_lookup(int severity, const char *addrport, char **address, uint32_t *addr, uint16_t *port_out); int parse_port_range(const char *port, uint16_t *port_min_out, diff --git a/src/or/config.c b/src/or/config.c index e7847d583..f840b5e28 100644 --- a/src/or/config.c +++ b/src/or/config.c 
@@ -2053,6 +2053,7 @@ resolve_my_address(int warn_severity, const or_options_t *options, int notice_severity = warn_severity <= LOG_NOTICE ? LOG_NOTICE : warn_severity; + tor_addr_t myaddr; tor_assert(addr_out); /* @@ -2103,8 +2104,11 @@ resolve_my_address(int warn_severity, const or_options_t *options, "local interface. Using that.", fmt_addr32(addr)); strlcpy(hostname, "", sizeof(hostname)); } else { /* resolved hostname into addr */ + myaddr.family = AF_INET; + myaddr.addr.in_addr.s_addr = htonl(addr); + if (!explicit_hostname && - is_internal_IP(addr, 0)) { + tor_addr_is_internal(&myaddr, 0)) { uint32_t interface_ip; log_fn(notice_severity, LD_CONFIG, "Guessed local hostname '%s' " @@ -2114,7 +2118,7 @@ resolve_my_address(int warn_severity, const or_options_t *options, if (get_interface_address(warn_severity, &interface_ip)) { log_fn(warn_severity, LD_CONFIG, "Could not get local interface IP address. Too bad."); - } else if (is_internal_IP(interface_ip, 0)) { + } else if (tor_addr_is_internal(&myaddr, 0)) { log_fn(notice_severity, LD_CONFIG, "Interface IP address '%s' is a private address too. " "Ignoring.", fmt_addr32(interface_ip)); @@ -2138,8 +2142,11 @@ resolve_my_address(int warn_severity, const or_options_t *options, * out if it is and we don't want that. */ + myaddr.family = AF_INET; + myaddr.addr.in_addr.s_addr = htonl(addr); + addr_string = tor_dup_ip(addr); - if (is_internal_IP(addr, 0)) { + if (tor_addr_is_internal(&myaddr, 0)) { /* make sure we're ok with publishing an internal IP */ if (!options->DirAuthorities && !options->AlternateDirAuthority) { /* if they are using the default authorities, disallow internal IPs 
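Review bot: In the `@@ -2114,7 +2118,7 @@` hunk of resolve_my_address, the new test `tor_addr_is_internal(&myaddr, 0)` checks `myaddr`, which was filled from `addr`, instead of the `interface_ip` that get_interface_address() just returned. This branch is only reached when `myaddr` is already internal, so the test is always true and the interface address is never adopted; a host whose guessed hostname resolves to a private address loses its fallback. Fill a separate `tor_addr_t` from `interface_ip` once the lookup succeeds and test that one, e.g. `tor_addr_from_ipv4h(&ifaddr, interface_ip);` followed by `tor_addr_is_internal(&ifaddr, 0)`. The "Fixes for bug4645 fix" commit further down this page changes the test to `&interface_ip`. The function starts and ends outside the hunk.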
@@ -2245,7 +2252,7 @@ is_local_addr(const tor_addr_t *addr) * resolve_my_address will never be called at all). In those cases, * last_resolved_addr will be 0, and so checking to see whether ip is on * the same /24 as last_resolved_addr will be the same as checking whether - * it was on net 0, which is already done by is_internal_IP. + * it was on net 0, which is already done by tor_addr_is_internal. */ if ((last_resolved_addr & (uint32_t)0xffffff00ul) == (ip & (uint32_t)0xffffff00ul)) diff --git a/src/or/directory.c b/src/or/directory.c index 0cacf0661..7f26affa2 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -1415,12 +1415,23 @@ http_set_address_origin(const char *headers, connection_t *conn) fwd = http_get_header(headers, "X-Forwarded-For: "); if (fwd) { struct in_addr in; - if (!tor_inet_aton(fwd, &in) || is_internal_IP(ntohl(in.s_addr), 0)) { - log_debug(LD_DIR, "Ignoring unrecognized or internal IP %s", + if (!tor_inet_aton(fwd, &in)) { + log_debug(LD_DIR, "Ignoring unrecognized IP %s", escaped(fwd)); tor_free(fwd); return; } + + tor_addr_t toraddr; + toraddr.family = AF_INET; + toraddr.addr.in_addr = in; + + if (tor_addr_is_internal(&toraddr,0)) { + log_debug(LD_DIR, "Ignoring local IP %s", escaped(fwd)); + tor_free(fwd); + return; + } + tor_free(conn->address); conn->address = tor_strdup(fwd); tor_free(fwd); diff --git a/src/or/dirserv.c b/src/or/dirserv.c index c0e000c75..4a25f99a4 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -533,7 +533,12 @@ dirserv_router_has_valid_address(routerinfo_t *ri) ri->address); return -1; } - if (is_internal_IP(ntohl(iaddr.s_addr), 0)) { + + tor_addr_t toraddr; + toraddr.family = AF_INET; + toraddr.addr.in_addr = iaddr; + + if (tor_addr_is_internal(&toraddr, 0)) { log_info(LD_DIRSERV, "Router %s published internal IP address '%s'. Refusing.", router_describe(ri), ri->address); diff --git a/src/test/test_addr.c b/src/test/test_addr.c index 4bc602df8..829697b1e 100644 --- a/src/test/test_addr.c 
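Review bot: `tor_addr_t toraddr;` is declared mid-block in http_set_address_origin, after the tor_inet_aton() check, and the dirserv.c hunk in dirserv_router_has_valid_address does the same, whereas this commit's config.c hunk places `tor_addr_t myaddr;` with the other declarations at the top of resolve_my_address. Declaring both next to the existing `struct in_addr` variable keeps the declaration style uniform. Both hunks also set `family` and `addr.in_addr` by hand, which leaves any remaining bytes of the struct unset; a single `tor_addr_from_in(&toraddr, &in);` would build the address through the library constructor. Both functions extend beyond their hunks.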
+++ b/src/test/test_addr.c @@ -402,7 +402,6 @@ test_addr_ip6_helpers(void) test_internal_ip("::ffff:169.254.0.0", 0); test_internal_ip("::ffff:169.254.255.255", 0); test_external_ip("::ffff:169.255.0.0", 0); - test_assert(is_internal_IP(0x7f000001, 0)); /* tor_addr_compare(tor_addr_t x2) */ test_addr_compare("ffff::", ==, "ffff::0"); -- cgit v1.2.3 From e82e772f2b1a2b2235d3b3bcde85666e09a182b5 Mon Sep 17 00:00:00 2001 From: rl1987 Date: Wed, 20 Nov 2013 21:49:17 +0200 Subject: Using proper functions to create tor_addr_t. --- src/or/config.c | 6 ++---- src/or/directory.c | 13 ++----------- src/or/dirserv.c | 3 +-- 3 files changed, 5 insertions(+), 17 deletions(-) (limited to 'src') diff --git a/src/or/config.c b/src/or/config.c index f840b5e28..a90468dfa 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2104,8 +2104,7 @@ resolve_my_address(int warn_severity, const or_options_t *options, "local interface. Using that.", fmt_addr32(addr)); strlcpy(hostname, "", sizeof(hostname)); } else { /* resolved hostname into addr */ - myaddr.family = AF_INET; - myaddr.addr.in_addr.s_addr = htonl(addr); + tor_addr_from_ipv4h(&myaddr, addr); if (!explicit_hostname && tor_addr_is_internal(&myaddr, 0)) { @@ -2142,8 +2141,7 @@ resolve_my_address(int warn_severity, const or_options_t *options, * out if it is and we don't want that. */ - myaddr.family = AF_INET; - myaddr.addr.in_addr.s_addr = htonl(addr); + tor_addr_from_ipv4h(&myaddr,addr); addr_string = tor_dup_ip(addr); if (tor_addr_is_internal(&myaddr, 0)) { diff --git a/src/or/directory.c b/src/or/directory.c index 7f26affa2..6effe45db 100644 --- a/src/or/directory.c +++ b/src/or/directory.c 
@@ -1414,20 +1414,11 @@ http_set_address_origin(const char *headers, connection_t *conn) if (!fwd) fwd = http_get_header(headers, "X-Forwarded-For: "); if (fwd) { - struct in_addr in; - if (!tor_inet_aton(fwd, &in)) { - log_debug(LD_DIR, "Ignoring unrecognized IP %s", - escaped(fwd)); - tor_free(fwd); - return; - } - tor_addr_t toraddr; - toraddr.family = AF_INET; - toraddr.addr.in_addr = in; + tor_addr_parse(&toraddr,fwd); if (tor_addr_is_internal(&toraddr,0)) { - log_debug(LD_DIR, "Ignoring local IP %s", escaped(fwd)); + log_debug(LD_DIR, "Ignoring local/internal IP %s", escaped(fwd)); tor_free(fwd); return; } diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 4a25f99a4..b6bb607fa 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -535,8 +535,7 @@ dirserv_router_has_valid_address(routerinfo_t *ri) } tor_addr_t toraddr; - toraddr.family = AF_INET; - toraddr.addr.in_addr = iaddr; + tor_addr_from_in(&toraddr,&iaddr); if (tor_addr_is_internal(&toraddr, 0)) { log_info(LD_DIRSERV, -- cgit v1.2.3 From dafed84dabbb3afbada5e55ac1d030412418fae5 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 3 Feb 2014 14:31:31 -0500 Subject: Fixes for bug4645 fix. --- src/or/config.c | 10 +++++----- src/or/dirserv.c | 11 ++++------- 2 files changed, 9 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/or/config.c b/src/or/config.c index a90468dfa..517ca70ef 100644 --- a/src/or/config.c +++ b/src/or/config.c 
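Review bot: The result of `tor_addr_parse(&toraddr,fwd);` in http_set_address_origin is discarded, so an X-Forwarded-For value that is not an address is no longer rejected. In that case `toraddr` may be left unset when `tor_addr_is_internal()` reads it, and the unparsed header text can then be copied into `conn->address`. The tor_inet_aton() branch removed here was the only validation of this header, which should be treated as untrusted input. Keep a failure path in the same condition: `if (tor_addr_parse(&toraddr, fwd) == -1 || tor_addr_is_internal(&toraddr, 0)) {`. The last commit on this page (408bd98) adds that check; the function continues past the hunk.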
@@ -2108,22 +2108,22 @@ resolve_my_address(int warn_severity, const or_options_t *options, if (!explicit_hostname && tor_addr_is_internal(&myaddr, 0)) { - uint32_t interface_ip; + tor_addr_t interface_ip; log_fn(notice_severity, LD_CONFIG, "Guessed local hostname '%s' " "resolves to a private IP address (%s). Trying something " "else.", hostname, fmt_addr32(addr)); - if (get_interface_address(warn_severity, &interface_ip)) { + if (get_interface_address6(warn_severity, AF_INET, &interface_ip)<0) { log_fn(warn_severity, LD_CONFIG, "Could not get local interface IP address. Too bad."); - } else if (tor_addr_is_internal(&myaddr, 0)) { + } else if (tor_addr_is_internal(&interface_ip, 0)) { log_fn(notice_severity, LD_CONFIG, "Interface IP address '%s' is a private address too. " - "Ignoring.", fmt_addr32(interface_ip)); + "Ignoring.", fmt_addr(&interface_ip)); } else { from_interface = 1; - addr = interface_ip; + addr = tor_addr_to_ipv4h(&interface_ip); log_fn(notice_severity, LD_CONFIG, "Learned IP address '%s' for local interface." " Using that.", fmt_addr32(addr)); diff --git a/src/or/dirserv.c b/src/or/dirserv.c index b6bb607fa..e3e6519dd 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c 
@@ -524,20 +524,17 @@ dirserv_free_fingerprint_list(void) static int dirserv_router_has_valid_address(routerinfo_t *ri) { - struct in_addr iaddr; + tor_addr_t addr; if (get_options()->DirAllowPrivateAddresses) return 0; /* whatever it is, we're fine with it */ - if (!tor_inet_aton(ri->address, &iaddr)) { - log_info(LD_DIRSERV,"Router %s published non-IP address '%s'. Refusing.", + if (tor_addr_parse(&addr, ri->address) != AF_INET) { + log_info(LD_DIRSERV,"Router %s published non-IPv4 address '%s'. Refusing.", router_describe(ri), ri->address); return -1; } - tor_addr_t toraddr; - tor_addr_from_in(&toraddr,&iaddr); - - if (tor_addr_is_internal(&toraddr, 0)) { + if (tor_addr_is_internal(&addr, 0)) { log_info(LD_DIRSERV, "Router %s published internal IP address '%s'. Refusing.", router_describe(ri), ri->address); -- cgit v1.2.3 From 408bd98e79196933e447cbc68c73ecffebaf5a19 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 1 Apr 2014 21:10:14 -0400 Subject: Add one more missing heck on bug4645 fixes --- src/or/directory.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/or/directory.c b/src/or/directory.c index 6effe45db..d6d2339e9 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -1415,9 +1415,8 @@ http_set_address_origin(const char *headers, connection_t *conn) fwd = http_get_header(headers, "X-Forwarded-For: "); if (fwd) { tor_addr_t toraddr; - tor_addr_parse(&toraddr,fwd); - - if (tor_addr_is_internal(&toraddr,0)) { + if (tor_addr_parse(&toraddr,fwd) == -1 || + tor_addr_is_internal(&toraddr,0)) { log_debug(LD_DIR, "Ignoring local/internal IP %s", escaped(fwd)); tor_free(fwd); return; -- cgit v1.2.3
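Review bot: In the final directory.c hunk, the message `"Ignoring local/internal IP %s"` in http_set_address_origin is now also logged when `tor_addr_parse()` fails, so a malformed X-Forwarded-For value is reported as an internal address. The earlier wording, `"Ignoring unrecognized or internal IP %s"`, covers both cases. The condition also accepts any address family that tor_addr_parse() returns, while the original tor_inet_aton() path and the dirserv.c check above (`!= AF_INET`) accept IPv4 only. If IPv6 values in this header are not intended, compare the return value against `AF_INET` here as well. The function continues outside the hunk.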