src/or/connection.c +5 −0
@@ -429,6 +429,11 @@ static int connection_init_accepted_conn(connection_t *conn) { case CONN_TYPE_OR: return connection_tls_start_handshake(conn, 1); case CONN_TYPE_AP: /* check sockspolicy to see if we should accept it */ if(socks_policy_permits_address(conn->addr) == 0) { log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address); return -1; } conn->state = AP_CONN_STATE_SOCKS_WAIT; break; case CONN_TYPE_DIR:
src/or/connection_edge.c +12 −5
@@ -17,7 +17,6 @@ static struct exit_policy_t *socks_policy = NULL; static int connection_ap_handshake_process_socks(connection_t *conn); static void parse_socks_policy(void); static int socks_policy_permits_address(uint32_t addr); /** Handle new bytes on conn->inbuf, or notification of eof. *
@@ -785,6 +784,12 @@ int connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit) conn->socks_request->port, exit->exit_policy); } /** A helper function for socks_policy_permits_address() below. * * Parse options.SocksPolicy in the same way that the exit policy * is parsed, and put the processed version in &socks_policy. * Ignore port specifiers. */ static void parse_socks_policy(void) { struct exit_policy_t *n;
@@ -800,6 +805,9 @@ static void parse_socks_policy(void) } } /** Return 1 if <b>addr</b> is permitted to connect to our socks port, * based on <b>socks_policy</b>. Else return 0. */ int socks_policy_permits_address(uint32_t addr) { int a;
@@ -811,10 +819,9 @@ int socks_policy_permits_address(uint32_t addr) return 0; else if (a==0) return 1; else if (a==1) { tor_assert(a==1); log_fn(LOG_WARN, "Got unexpected 'maybe' answer from socks policy"); return 1; } return 0; } /* ***** Client DNS code ***** */
src/or/or.h +2 −0
@@ -1044,6 +1044,8 @@ int connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit); void connection_ap_expire_beginning(void); void connection_ap_attach_pending(void); int socks_policy_permits_address(uint32_t addr); void client_dns_init(void); uint32_t client_dns_lookup_entry(const char *address); int client_dns_incr_failures(const char *address);
src/or/connection.c +5 −0
@@ -429,6 +429,11 @@ static int connection_init_accepted_conn(connection_t *conn) { case CONN_TYPE_OR: return connection_tls_start_handshake(conn, 1); case CONN_TYPE_AP: /* check sockspolicy to see if we should accept it */ if(socks_policy_permits_address(conn->addr) == 0) { log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address); return -1; } conn->state = AP_CONN_STATE_SOCKS_WAIT; break; case CONN_TYPE_DIR:
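Review bot: The denial in the new `CONN_TYPE_AP` branch is logged at `LOG_WARN` once per rejected connection, and nothing in the hunk throttles it, so any host that can reach the SOCKS listener can make the log grow without bound. I would either lower the severity, `log_fn(LOG_INFO,"Denying socks connection from untrusted address %s.", conn->address);`, or rate-limit the warning. The placement of the check looks right: it tests `conn->addr` before the state is set to `AP_CONN_STATE_SOCKS_WAIT`, so a denied peer presumably never reaches the SOCKS handshake code. A one-line comment such as `/* caller is responsible for closing conn when we return -1 */` would help, because that cleanup is outside the hunk and `connection_init_accepted_conn` continues past it.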
src/or/connection_edge.c +12 −5
@@ -17,7 +17,6 @@ static struct exit_policy_t *socks_policy = NULL; static int connection_ap_handshake_process_socks(connection_t *conn); static void parse_socks_policy(void); static int socks_policy_permits_address(uint32_t addr); /** Handle new bytes on conn->inbuf, or notification of eof. *
@@ -785,6 +784,12 @@ int connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit) conn->socks_request->port, exit->exit_policy); } /** A helper function for socks_policy_permits_address() below. * * Parse options.SocksPolicy in the same way that the exit policy * is parsed, and put the processed version in &socks_policy. * Ignore port specifiers. */ static void parse_socks_policy(void) { struct exit_policy_t *n;
@@ -800,6 +805,9 @@ static void parse_socks_policy(void) } } /** Return 1 if <b>addr</b> is permitted to connect to our socks port, * based on <b>socks_policy</b>. Else return 0. */ int socks_policy_permits_address(uint32_t addr) { int a;
@@ -811,10 +819,9 @@ int socks_policy_permits_address(uint32_t addr) return 0; else if (a==0) return 1; else if (a==1) { tor_assert(a==1); log_fn(LOG_WARN, "Got unexpected 'maybe' answer from socks policy"); return 1; } return 0; } /* ***** Client DNS code ***** */
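Review bot: The tail of `socks_policy_permits_address` must fail closed, and the new doc comment should say so: in this rendering the unexpected 'maybe' path shows both `return 1;` and `return 0;`, and the old/new side of each is no longer recoverable. For an access-control check, the unexpected answer should deny, i.e. the `log_fn(LOG_WARN, "Got unexpected 'maybe' answer from socks policy");` line followed by `return 0;`. The added `tor_assert(a==1);` turns any other comparator result into a process abort, which is only safe if the comparison function is guaranteed to return -1, 0 or 1; that function and the middle of this body are outside the hunks. The comment should also state what is returned when `options.SocksPolicy` is unset, since the new caller in connection.c depends on it for every accepted AP connection.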
src/or/or.h +2 −0
@@ -1044,6 +1044,8 @@ int connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit); void connection_ap_expire_beginning(void); void connection_ap_attach_pending(void); int socks_policy_permits_address(uint32_t addr); void client_dns_init(void); uint32_t client_dns_lookup_entry(const char *address); int client_dns_incr_failures(const char *address);