Reject SOCKS requests for "localhost" or ".local"

Sending them on is futile, since we will be told "127.0.0.1" and then
think we've been lied to.  Partial fix for 2822.

changes/bug2822.2

@@ -0,0 +1,6 @@
+  o Minor features:
+
+    - Don't bother trying to connect to addresses that we are sure will
+      resolve to 127.0.0.1: Getting 127.0.0.1 in a reply makes us think
+      we have been lied to, even when the address the client tried to
+      connect to was "localhost." Partial fix for bug 2822.

src/common/address.c

@@ -1682,3 +1682,12 @@ get_interface_address(int severity, uint32_t *addr)
   return r;
 }
 
+/** Return true if we can tell that <b>name</b> is a canonical name for the
+ * loopback address. */
+int
+tor_addr_hostname_is_local(const char *name)
+{
+  return !strcasecmp(name, "localhost") ||
+    !strcasecmp(name, "local") ||
+    !strcasecmpend(name, ".local");
+}

src/common/address.h

@@ -191,6 +191,8 @@ int tor_addr_is_loopback(const tor_addr_t *addr);
 int tor_addr_port_split(int severity, const char *addrport,
                         char **address_out, uint16_t *port_out);
 
+int tor_addr_hostname_is_local(const char *name);
+
 /* IPv4 helpers */
 int is_internal_IP(uint32_t ip, int for_listening);
 int addr_port_lookup(int severity, const char *addrport, char **address,

src/or/connection_edge.c

@@ -2000,8 +2000,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       if (options->ClientRejectInternalAddresses &&
           !conn->use_begindir && !conn->chosen_exit_name && !circ) {
         tor_addr_t addr;
-        if (tor_addr_parse(&addr, socks->address) >= 0 &&
+        if (tor_addr_hostname_is_local(socks->address) ||
-            tor_addr_is_internal(&addr, 0)) {
+            (tor_addr_parse(&addr, socks->address) >= 0 &&
+             tor_addr_is_internal(&addr, 0))) {
           /* If this is an explicit private address with no chosen exit node,
            * then we really don't want to try to connect to it.  That's
            * probably an error. */