Commit d958915e authored by juga's avatar juga
Browse files

fix: relaylist: Check exit to all domains/ips

When an exit policy allows to exit only to some subnet, it is not
enough to check that it can exit to a port, since it can, but it might
not be able to exit to the domain/ip of the sbws Web servers.
To ensure that without having to check whether it can exit to a
specific domain/ip, we can query the exit policy with `strict`.

Closes #40006. Bugfix v1.0.3.
parent 3e86fd59
...@@ -197,7 +197,9 @@ class Relay: ...@@ -197,7 +197,9 @@ class Relay:
# Therefore, catch the exception here. # Therefore, catch the exception here.
try: try:
if self.exit_policy: if self.exit_policy:
return self.exit_policy.can_exit_to(port=port) # Using `strict` to ensure it can exit to ALL domains
# and ips and that port. See #40006.
return self.exit_policy.can_exit_to(port=port, strict=True)
except TypeError: except TypeError:
return False return False
return False return False
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment