Commit 9c0a1adf authored by Nick Mathewson's avatar Nick Mathewson 🦀

Don't do a DNS lookup on a bridge line address

Fixes bug 10801; bugfix on 07bf274d in 0.2.0.1-alpha.
parent a83abcf5

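--- /dev/null
+++ b/changes/bug10801
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Stop accepting bridge lines containing hostnames. Doing so allowed
+      clients to perform DNS requests on the hostnames, which was not
+      sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.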
+12 −4
@@ -1439,12 +1439,16 @@ is_internal_IP(uint32_t ip, int for_listening)
 * to the port.
 *
 * Don't do DNS lookups and don't allow domain names in the <ip> field.
 * Don't accept <b>addrport</b> of the form "<ip>" or "<ip>:0".
 *
 * If <b>default_port</b> is less than 0, don't accept <b>addrport</b> of the
 * form "<ip>" or "<ip>:0".  Otherwise, accept those forms, and set
 * *<b>port_out</b> to <b>default_port</b>.
 *
 * Return 0 on success, -1 on failure. */
int
tor_addr_port_parse(int severity, const char *addrport,
                    tor_addr_t *address_out, uint16_t *port_out)
                    tor_addr_t *address_out, uint16_t *port_out,
                    int default_port)
{
  int retval = -1;
  int r;
@@ -1458,8 +1462,12 @@ tor_addr_port_parse(int severity, const char *addrport,
  if (r < 0)
    goto done;

  if (!*port_out)
  if (!*port_out) {
    if (default_port >= 0)
      *port_out = default_port;
    else
      goto done;
  }

  /* make sure that address_out is an IP address */
  if (tor_addr_parse(address_out, addr_tmp) < 0)
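Review bot: `*port_out = default_port;` in the second hunk stores an `int` into a `uint16_t` with no range check, so a caller that passes a default above 65535 gets a silently truncated port, and a default of 0 makes the function return success with port 0. The callers visible on this page pass 443, -1 and 200, so this is a gap in the contract rather than a live bug. I would state the allowed range in the doc comment, for example `<b>default_port</b> must be negative or in the range 1..65535`, and enforce the upper bound at the top of the function with `tor_assert(default_port <= UINT16_MAX);`. The body of tor_addr_port_parse continues outside both hunks, so any existing check there is not visible from here.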
+2 −1
@@ -209,7 +209,8 @@ int tor_addr_port_split(int severity, const char *addrport,
                        char **address_out, uint16_t *port_out);

int tor_addr_port_parse(int severity, const char *addrport,
                        tor_addr_t *address_out, uint16_t *port_out);
                        tor_addr_t *address_out, uint16_t *port_out,
                        int default_port);

int tor_addr_hostname_is_local(const char *name);

+2 −8
@@ -4169,16 +4169,10 @@ parse_bridge_line(const char *line, int validate_only)
    addrport = field1;
  }

  if (tor_addr_port_lookup(addrport, &addr, &port)<0) {
  if (tor_addr_port_parse(LOG_INFO, addrport, &addr, &port, 443)<0) {
    log_warn(LD_CONFIG, "Error parsing Bridge address '%s'", addrport);
    goto err;
  }
  if (!port) {
    log_info(LD_CONFIG,
             "Bridge address '%s' has no port; using default port 443.",
             addrport);
    port = 443;
  }

  if (smartlist_len(items)) {
    fingerprint = smartlist_join_strings(items, "", 0, NULL);
@@ -4384,7 +4378,7 @@ get_bindaddr_from_transport_listen_line(const char *line,const char *transport)
    goto err;

  /* Validate addrport */
  if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port)<0) {
  if (tor_addr_port_parse(LOG_WARN, addrport, &addr, &port, -1)<0) {
    log_warn(LD_CONFIG, "Error parsing ServerTransportListenAddr "
             "address '%s'", addrport);
    goto err;
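Review bot: In the parse_bridge_line hunk, an operator whose existing Bridge line names a host now sees only the generic `Error parsing Bridge address '%s'` warning; the specific cause is presumably reported at the `LOG_INFO` severity passed to tor_addr_port_parse, which default logging may hide. Since this commit deliberately turns a formerly accepted configuration into a hard failure, the warning should say why, e.g. `log_warn(LD_CONFIG, "Error parsing Bridge address '%s'; hostnames are not accepted, use an IP address", addrport);`. The removed `log_info` about falling back to port 443 has no replacement, so the default is now applied silently; a short comment next to the literal `443` naming it as the default bridge port would help. Both functions touched in this section start and end outside their hunks.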
+20 −6
@@ -735,7 +735,7 @@ test_addr_parse(void)
  /* Correct call. */
  r= tor_addr_port_parse(LOG_DEBUG,
                         "192.0.2.1:1234",
                         &addr, &port);
                         &addr, &port, -1);
  test_assert(r == 0);
  tor_addr_to_str(buf, &addr, sizeof(buf), 0);
  test_streq(buf, "192.0.2.1");
@@ -744,31 +744,45 @@ test_addr_parse(void)
  /* Domain name. */
  r= tor_addr_port_parse(LOG_DEBUG,
                         "torproject.org:1234",
                         &addr, &port);
                         &addr, &port, -1);
  test_assert(r == -1);

  /* Only IP. */
  r= tor_addr_port_parse(LOG_DEBUG,
                         "192.0.2.2",
                         &addr, &port);
                         &addr, &port, -1);
  test_assert(r == -1);

  r= tor_addr_port_parse(LOG_DEBUG,
                         "192.0.2.2",
                         &addr, &port, 200);
  test_assert(r == 0);
  tt_int_op(port,==,200);

  /* Bad port. */
  r= tor_addr_port_parse(LOG_DEBUG,
                         "192.0.2.2:66666",
                         &addr, &port);
                         &addr, &port, -1);
  test_assert(r == -1);
  r= tor_addr_port_parse(LOG_DEBUG,
                         "192.0.2.2:66666",
                         &addr, &port, 200);
  test_assert(r == -1);

  /* Only domain name */
  r= tor_addr_port_parse(LOG_DEBUG,
                         "torproject.org",
                         &addr, &port);
                         &addr, &port, -1);
  test_assert(r == -1);
  r= tor_addr_port_parse(LOG_DEBUG,
                         "torproject.org",
                         &addr, &port, 200);
  test_assert(r == -1);

  /* Bad IP address */
  r= tor_addr_port_parse(LOG_DEBUG,
                         "192.0.2:1234",
                         &addr, &port);
                         &addr, &port, -1);
  test_assert(r == -1);

 done:
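Review bot: The new `default_port` cases in test_addr_parse cover an address with no port, but not the explicit `"<ip>:0"` form, which the updated doc comment says is rejected when the default is negative and replaced by the default otherwise. I would add `r= tor_addr_port_parse(LOG_DEBUG, "192.0.2.2:0", &addr, &port, 200);` followed by `test_assert(r == 0);` and `tt_int_op(port,==,200);`, plus the same input with `-1` expecting `r == -1`. That pins the behaviour parse_bridge_line now relies on for its default port. The test function continues outside the hunks shown.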