diff options
| author | Nick Mathewson <nickm@torproject.org> | 2007-07-12 17:00:44 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2007-07-12 17:00:44 +0000 |
| commit | d9cee674795edd7658e7695837dd860d825a8b74 (patch) | |
| tree | 1b9476afa1527491da3e0ca6fc93747d18a2e684 | |
| parent | cce7548d0cbd12dc01b3ca29b21b30cb9efcb20b (diff) | |
| download | tor-d9cee674795edd7658e7695837dd860d825a8b74.tar.gz tor-d9cee674795edd7658e7695837dd860d825a8b74.zip | |
r13738@catbus: nickm | 2007-07-12 13:00:35 -0400
Backport r10730: Do not choose guard nodes that appear after any never-before-connected-to guard.
svn:r10817
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | doc/TODO.012 | 2 | ||||
| -rw-r--r-- | src/or/circuitbuild.c | 8 |
3 files changed, 15 insertions, 2 deletions
@@ -9,12 +9,17 @@ Changes in version 0.1.2.15 - 2007-0?-?? routerlist while inserting a new router. - Fix eventdns.c behavior on Solaris: It is critical to include orconfig.h _before_ sys/types.h, so that we can get the expected - definition of _FILE_OFFSET_BITS. [Bugfix on 0.1.2.x] + definition of _FILE_OFFSET_BITS. o Major bugfixes (security): - Fix a possible buffer overrun when using BSD natd support. Bug found by "Mr. Croup." + o Minor bugfixes (guard nodes): + - If there's a never-before-connected-to guard node in our list, + never choose any guards past it. This way we don't expand our + guard list unless we need to. + o Minor bugfixes (security): - When sending destroy cells from a circuit's origin, don't include the reason for tearing down the circuit. The spec says we didn't, diff --git a/doc/TODO.012 b/doc/TODO.012 index e84b47d5fa..5d70450e8c 100644 --- a/doc/TODO.012 +++ b/doc/TODO.012 @@ -13,7 +13,7 @@ Backport items for 0.1.2: o r10563: use correct types with desc_digest_map. o r10566: build correctly on systems where size_t is bigger than ulong. o r10643: eventdns.c behavior fix for solaris. - - r10730: Don't choose guards after any never-connected-to guard. (??) + o r10730: Don't choose guards after any never-connected-to guard. o r10760: fix possible buffer overrun in old BSD natd code o r10790: Don't include reasons in destroy cells from the origin. - Some fix for bug 455. diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 7ae2abbc8b..ac0db6e5d8 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2354,6 +2354,13 @@ choose_random_entry(cpath_build_state_t *state) r = entry_is_live(entry, need_uptime, need_capacity, 0); if (r && !smartlist_isin(exit_family, r)) { smartlist_add(live_entry_guards, r); + if (!entry->made_contact) { + /* Always start with the first not-yet-contacted entry + * guard. Otherwise we might add several new ones, pick + * the second new one, and now we've expanded our entry + * guard list without needing to. */ + goto choose_and_finish; + } if (smartlist_len(live_entry_guards) >= options->NumEntryGuards) break; /* we have enough */ } @@ -2387,6 +2394,7 @@ choose_random_entry(cpath_build_state_t *state) /* live_entry_guards will be empty below. Oh well, we tried. */ } + choose_and_finish: r = smartlist_choose(live_entry_guards); smartlist_free(live_entry_guards); smartlist_free(exit_family); |