diff options
| author | Roger Dingledine <arma@torproject.org> | 2011-09-28 15:13:05 -0400 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2011-09-28 15:13:05 -0400 |
| commit | 4e88a3bc3e1a195864c3185d16d89e090246fc55 (patch) | |
| tree | 0772d0b6ab4c6627891fa0326357115d984eccb5 | |
| parent | 458cc9d351f27092b245853fa72c5941389a3577 (diff) | |
| parent | 0b5d2646d56fe351b8b2b4bc97bbad30cb34b6d4 (diff) | |
| download | tor-4e88a3bc3e1a195864c3185d16d89e090246fc55.tar.gz tor-4e88a3bc3e1a195864c3185d16d89e090246fc55.zip | |
Merge branch 'maint-0.2.2'
| -rw-r--r-- | changes/bug4115 | 7 | ||||
| -rw-r--r-- | src/or/directory.c | 3 |
2 files changed, 8 insertions, 2 deletions
diff --git a/changes/bug4115 b/changes/bug4115 new file mode 100644 index 0000000000..626791a806 --- /dev/null +++ b/changes/bug4115 @@ -0,0 +1,7 @@ + o Security fixes: + - Bridge relays now do their directory fetches inside Tor TLS + connections, like all the other clients do, rather than connecting + directly to the DirPort like public relays do. Removes another + avenue for enumerating bridges. Fixes part of bug 4115; bugfix + on 0.2.0.35. + diff --git a/src/or/directory.c b/src/or/directory.c index f56a63c08c..776b7a25f9 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -828,8 +828,7 @@ directory_command_should_use_begindir(const or_options_t *options, return 0; /* We don't know an ORPort -- no chance. */ if (!anonymized_connection) if (!fascist_firewall_allows_address_or(addr, or_port) || - directory_fetches_from_authorities(options) || - (server_mode(options) && !options->Address)) + directory_fetches_from_authorities(options)) return 0; /* We're firewalled or are acting like a relay -- also no. */ if (!options->TunnelDirConns && router_purpose != ROUTER_PURPOSE_BRIDGE) |