LastUsed = LastHostAddr;
}
/*}}}*/
+static bool ConnectionAllowed(char const * const Service, std::string const &Host)/*{{{*/
+{
+ if (APT::String::Endswith(Host, ".onion") && _config->FindB("Acquire::BlockDotOnion", true))
+ {
+ // TRANSLATOR: %s is e.g. Tor's ".onion" which would likely fail or leak info (RFC7686)
+ _error->Error(_("Direct connection to %s domains is blocked by default."), ".onion");
+ if (strcmp(Service, "http") == 0)
+ _error->Error(_("If you meant to use Tor remember to use %s instead of %s."), "tor+http", "http");
+ return false;
+ }
+ return true;
+}
+ /*}}}*/
// DoConnect - Attempt a connect operation /*{{{*/
// ---------------------------------------------------------------------
/* This helper function attempts a connection to a single address. */
-static bool DoConnect(struct addrinfo *Addr,std::string Host,
+static bool DoConnect(struct addrinfo *Addr,std::string const &Host,
unsigned long TimeOut,int &Fd,pkgAcqMethod *Owner)
{
// Show a status indicator
const char * const Service, int DefPort, int &Fd,
unsigned long const TimeOut, pkgAcqMethod * const Owner)
{
+ if (ConnectionAllowed(Service, Host) == false)
+ return false;
// Convert the port name/number
char ServStr[300];
if (Port != 0)
memset(&Hints,0,sizeof(Hints));
Hints.ai_socktype = SOCK_STREAM;
Hints.ai_flags = 0;
+#ifdef AI_IDN
if (_config->FindB("Acquire::Connect::IDN", true) == true)
Hints.ai_flags |= AI_IDN;
+#endif
// see getaddrinfo(3): only return address if system has such a address configured
// useful if system is ipv4 only, to not get ipv6, but that fails if the system has
// no address configured: e.g. offline and trying to connect to localhost.
if (_error->PendingError() == true)
return false;
+ if (ConnectionAllowed(Service, Host) == false)
+ return false;
+
if(LastHost != Host || LastPort != Port)
{
SrvRecords.clear();
projects / apt.git / blobdiff