author David Goulet <dgoulet@torproject.org> 2017-11-28 19:09:13 -0500
committer Nick Mathewson <nickm@torproject.org> 2017-11-28 19:12:56 -0500
commit 91cee3c9e73aba089804cd88305115fc3ab1f76c (patch)
tree fa6c03323ff8edb5e029ccaa31243e077e5a0d03
parent b1c4ab0bec5b2b07e7e5358f449e352bb34c75d0 (diff)
Guard: Don't pick ourselves as a possible Guard
TROVE-2017-12. Severity: Medium

Thankfully, tor will close any circuits that we try to extend to ourselves so this is not problematic but annoying.

Part of #21534.
-rw-r--r-- changes/trove-2017-012-part2 5
-rw-r--r-- src/or/entrynodes.c 3
2 files changed, 7 insertions, 1 deletions
diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2
new file mode 100644
index 0000000000..ed994c5b02
--- /dev/null
+++ b/changes/trove-2017-012-part2
@@ -0,0 +1,5 @@
+ o Major bugfixes (security, relay):
+ - When running as a relay, make sure that we never ever choose ourselves
+ as a guard. Previously, this was possible. Fixes part of bug 21534;
+ bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012
+ and CVE-2017-8822.
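Review bot: The entry in changes/trove-2017-012-part2 says only "Previously, this was possible" and does not tell a relay operator what happened when it was. The commit message states that tor closes any circuit it tries to extend to itself; a clause to that effect would let readers gauge the impact of an item filed under "Major bugfixes (security, relay)". The identifier is also written TROVE-2017-012 here and TROVE-2017-12 in the commit message; a single spelling would make the two easier to search together.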
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index d762afdcfe..0109da8e01 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -740,7 +740,8 @@ node_is_possible_guard(const node_t *node)
node->is_stable &&
node->is_fast &&
node->is_valid &&
- node_is_dir(node));
+ node_is_dir(node) &&
+ !router_digest_is_me(node->identity));
}
/**
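Review bot: The new `!router_digest_is_me(node->identity)` condition in node_is_possible_guard() lands without a test; the diffstat lists only the changes file and src/or/entrynodes.c. A unit test that passes a node carrying our own identity digest and asserts that the function returns false would keep this from regressing. The hunk shows only this one predicate, so it is worth confirming in review that every path that adds a node to the guard sample goes through it.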