Commit 7828927a authored by Roger Dingledine

Only rewrite a conn's address based on X-Forwarded-For: headers

if it's a parseable public IP address; and stop adding extra quotes
to the resulting address.


svn:r9505
parent 690c9cc8
...@@ -79,6 +79,9 @@ Changes in version 0.1.2.7-alpha - 2007-02-06 ...@@ -79,6 +79,9 @@ Changes in version 0.1.2.7-alpha - 2007-02-06
- Call stat() slightly less often; use fstat() when possible. - Call stat() slightly less often; use fstat() when possible.
- Refactor the way we handle pending circuits when an OR connection - Refactor the way we handle pending circuits when an OR connection
completes or fails, in an attempt to fix a rare crash bug. completes or fails, in an attempt to fix a rare crash bug.
- Only rewrite a conn's address based on X-Forwarded-For: headers
if it's a parseable public IP address; and stop adding extra quotes
to the resulting address.
o Major features: o Major features:
- Weight directory requests by advertised bandwidth. Now we can - Weight directory requests by advertised bandwidth. Now we can
......
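Review bot: In the added ChangeLog entry, "if it's a parseable public IP address" leaves "it" ambiguous between the connection's address and the header value, and the entry does not say what happens when the check fails. Suggest wording such as "if the header value is a parseable public IP address; otherwise ignore the header", and consider giving the quoting change its own bullet, since it is a separate behavior change.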
...@@ -708,8 +708,14 @@ http_set_address_origin(const char *headers, connection_t *conn) ...@@ -708,8 +708,14 @@ http_set_address_origin(const char *headers, connection_t *conn)
if (!fwd) if (!fwd)
fwd = http_get_header(headers, "X-Forwarded-For: "); fwd = http_get_header(headers, "X-Forwarded-For: ");
if (fwd) { if (fwd) {
struct in_addr in;
if (!tor_inet_aton(fwd, &in) || is_internal_IP(ntohl(in.s_addr), 0)) {
log_debug(LD_DIR, "Ignoring unrecognized or internal IP '%s'", fwd);
tor_free(fwd);
return;
}
tor_free(conn->address); tor_free(conn->address);
conn->address = tor_strdup(escaped(fwd)); conn->address = tor_strdup(fwd);
tor_free(fwd); tor_free(fwd);
} }
} }
......
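Review bot: The new log_debug() call in the rejection branch prints fwd with a bare '%s', and that branch is exactly where the header value has failed validation, so untrusted client-supplied bytes reach the log unescaped. Suggest passing escaped(fwd) there, as the removed line did for conn->address. Separately, conn->address = tor_strdup(fwd) now stores the header text verbatim, so dropping escaped() is only safe if tor_inet_aton() rejects any input carrying bytes beyond a single dotted quad; a short comment stating that assumption, and that a header holding a comma-separated list of addresses would then be ignored, would help the next reader.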