diff options
| author | Robert Ransom <rransom.8774@gmail.com> | 2011-06-09 19:56:40 -0700 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-06-17 15:22:23 -0400 |
| commit | 010b8dd4f6e8e3c3d2e44ff589ff61cbf64b952a (patch) | |
| tree | 698aaee7acd8e7eb4e13d6544cec554345f85d8e | |
| parent | bf4b819aae43c11db824f3e790f8a92260e9988e (diff) | |
| download | tor-010b8dd4f6e8e3c3d2e44ff589ff61cbf64b952a.tar.gz tor-010b8dd4f6e8e3c3d2e44ff589ff61cbf64b952a.zip | |
Abandon rendezvous circuits on SIGNAL NEWNYM
| -rw-r--r-- | changes/abandon-rend-circs-on-newnym | 8 | ||||
| -rw-r--r-- | src/or/circuituse.c | 3 |
2 files changed, 10 insertions, 1 deletions
diff --git a/changes/abandon-rend-circs-on-newnym b/changes/abandon-rend-circs-on-newnym new file mode 100644 index 0000000000..67cb2dce2f --- /dev/null +++ b/changes/abandon-rend-circs-on-newnym @@ -0,0 +1,8 @@ + o Security fixes: + - Don't attach new streams to old rendezvous circuits after SIGNAL + NEWNYM. Previously, we would keep using an existing rendezvous + circuit if it remained open (i.e. if it were kept open by a + long-lived stream or if a new stream were attached to it before + Tor could notice that it was old and no longer in use and close + it). Bugfix on 0.1.1.15-rc; fixes bug 3375. + diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 41c1899c3a..48fc198c4b 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -59,7 +59,8 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn, return 0; } - if (purpose == CIRCUIT_PURPOSE_C_GENERAL) + if (purpose == CIRCUIT_PURPOSE_C_GENERAL || + purpose == CIRCUIT_PURPOSE_C_REND_JOINED) if (circ->timestamp_dirty && circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now) return 0; |