From bab6c0a3325c029428fbca727e60fac1a1766e5f Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 17 Feb 2004 08:52:03 +0000 Subject: [PATCH] Fix the Big Bug in router_compare_addr_to_exit_policy: we used port 0 to mean "unknown port". But no exit policy supports (nonexistant) port 0, except accept *:*, and we had no special handling for 'unknown port'. Now we do. svn:r1098 --- src/or/routerlist.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 3c9281d5f7..cc975204e4 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -404,24 +404,25 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port, int maybe_reject = 0; int maybe_accept = 0; int match = 0; + int maybe = 0; struct in_addr in; struct exit_policy_t *tmpe; for(tmpe=policy; tmpe; tmpe=tmpe->next) { log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string); + maybe = 0; if (!addr) { /* Address is unknown. */ - if (tmpe->msk == 0 && (port >= tmpe->prt_min && port <= tmpe->prt_max)) { - /* The exit policy is accept/reject *:port */ - match = 1; - } else if (port >= tmpe->prt_min && port <= tmpe->prt_max) { - if (tmpe->policy_type == EXIT_POLICY_REJECT) { - /* The exit policy is reject ???:port */ - maybe_reject = 1; + if (port >= tmpe->prt_min && port <= tmpe->prt_max) { + /* The port definitely matches. */ + if (tmpe->msk == 0) { + match = 1; } else { - /* The exit policy is accept ???:port */ - maybe_accept = 1; + maybe = 1; } + } else if (!port) { + /* The port maybe matches. */ + maybe = 1; } } else { /* Address is known */ @@ -431,6 +432,12 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port, match = 1; } } + if (maybe) { + if (tmpe->policy_type == EXIT_POLICY_REJECT) + maybe_reject = 1; + else + maybe_accept = 1; + } if (match) { in.s_addr = htonl(addr); log_fn(LOG_INFO,"Address %s:%d matches exit policy '%s'", -- 2.11.4.GIT