Commit 276d953b authored by Roger Dingledine's avatar Roger Dingledine
Browse files

fix an assert: check the sockspolicy before we make/add the connection, 

else we close a connection without assigning it a state, which is bad
because it fails assert_conn_ok()


svn:r2156
parent 9467f5fc

src/or/connection.c

+11 −5
Original line number Diff line number Diff line
@@ -412,6 +412,17 @@ static int connection_handle_listener_read(connection_t *conn, int new_type) { 


  set_socket_nonblocking(news);



  /* process entrance policies here, before we even create the connection */

  if(new_type == CONN_TYPE_AP) {

    /* check sockspolicy to see if we should accept it */

    if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {

      log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.",

             inet_ntoa(remote.sin_addr));

      tor_close_socket(news);

      return 0;

    }

  }



  newconn = connection_new(new_type);

  newconn->s = news;
@@ -442,11 +453,6 @@ static int connection_init_accepted_conn(connection_t *conn) { 
    case CONN_TYPE_OR:

      return connection_tls_start_handshake(conn, 1);

    case CONN_TYPE_AP:

      /* check sockspolicy to see if we should accept it */

      if(socks_policy_permits_address(conn->addr) == 0) {

        log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address);

        return -1;

      }

      conn->state = AP_CONN_STATE_SOCKS_WAIT;

      break;

    case CONN_TYPE_DIR: