diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-03-09 14:30:12 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-03-09 14:30:12 -0500 |
| commit | 9f88c1e14f22104992904d99b5c857838acd6cfb (patch) | |
| tree | 31567f8f0fa29a57aa49be15ea9dabc97d506c51 | |
| parent | 978cfcfbbb9d7960d081fd1eb26b0706cb296f3c (diff) | |
| parent | 99bd5400e879e7313288f153f464e0b3bc0782e0 (diff) | |
| download | tor-9f88c1e14f22104992904d99b5c857838acd6cfb.tar.gz tor-9f88c1e14f22104992904d99b5c857838acd6cfb.zip | |
Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
src/or/circuitbuild.c
| -rw-r--r-- | changes/bug5342 | 3 | ||||
| -rw-r--r-- | src/or/circuitbuild.c | 5 |
2 files changed, 8 insertions, 0 deletions
diff --git a/changes/bug5342 b/changes/bug5342 new file mode 100644 index 0000000000..b2ae4515a9 --- /dev/null +++ b/changes/bug5342 @@ -0,0 +1,3 @@ + o Security fixes: + - Never use a bridge as an exit, even if it claims to be one. Found by + wanoskarnet. Fixes bug 5342. Bugfix on ????. diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 7c404e63cb..3948008775 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2719,6 +2719,11 @@ choose_good_exit_server_general(int need_uptime, int need_capacity) n_supported[i] = -1; continue; /* skip routers that are known to be down or bad exits */ } + if (node_get_purpose(node) != ROUTER_PURPOSE_GENERAL) { + /* never pick a non-general node as a random exit. */ + n_supported[i] = -1; + continue; + } if (routerset_contains_node(options->_ExcludeExitNodesUnion, node)) { n_supported[i] = -1; continue; /* user asked us not to use it, no matter what */ |