Rename is_localhost to allow_local_addrs, and apply it to IPs too.

2021-10-18 12:07:18 -04:00 · 2021-10-18 12:07:18 -04:00 · 36febf7c14
parent 2e4f5e2d10
commit 36febf7c14
3 changed files with 13 additions and 8 deletions
--- a/crates/arti/src/arti_defaults.toml
+++ b/crates/arti/src/arti_defaults.toml
@ -108,5 +108,5 @@ request_loyalty = "50 msec"
 # Rules for client configuration
 [client_config]

-# Are we running as localhost (e.g. on chutney)?
-is_localhost = false
+# Should we allow attempts to make Tor connections to local addresses?
+allow_local_addrs = false
--- a/crates/tor-client/src/client.rs
+++ b/crates/tor-client/src/client.rs
@ -216,7 +216,7 @@ impl<R: Runtime> TorClient<R> {
            return Err(anyhow!("Rejecting hostname as invalid."));
        }
        if let Ok(ip) = IpAddr::from_str(addr) {
-            if Self::is_internal_ip(&ip) {
+            if Self::is_internal_ip(&ip) && !self.clientcfg.allow_local_addrs {
                return Err(anyhow!("Rejecting IP as internal."));
            }
        }
@ -361,7 +361,7 @@ pub(crate) fn is_valid_hostname(client_cfg: &ClientConfig, hostname: &str) -> bo
        || hostname.ends_with('.')
        || hostname.starts_with('.')
        || hostname.is_empty()
-        || (hostname.to_lowercase().eq("localhost") && !client_cfg.is_localhost))
+        || (hostname.to_lowercase().eq("localhost") && !client_cfg.allow_local_addrs))
        || is_ipv6_str(hostname)
 }

@ -476,9 +476,11 @@ mod test {
    #[test]
    fn validate_hostname() {
        let client_cfg = ClientConfig {
-            is_localhost: false,
+            allow_local_addrs: false,
+        };
+        let client_cfg_localhost = ClientConfig {
+            allow_local_addrs: true,
        };
-        let client_cfg_localhost = ClientConfig { is_localhost: true };

        // Valid hostname tests
        assert!(is_valid_hostname(&client_cfg, "torproject.org"));
--- a/crates/tor-client/src/config.rs
+++ b/crates/tor-client/src/config.rs
@ -10,9 +10,12 @@ use serde::Deserialize;
 #[derive(Debug, Clone, Builder, Deserialize)]
 #[builder]
 pub struct ClientConfig {
-    /// Are we running as localhost?
+    /// Should we allow attempts to make Tor connections to local addresses?
+    ///
+    /// This option is off by default, since (by default) Tor exits will
+    /// always reject connections to such addresses.
    #[builder(default)]
-    pub(crate) is_localhost: bool,
+    pub(crate) allow_local_addrs: bool,
 }

 // NOTE: it seems that `unwrap` may be safe because of builder defaults