diff options
| author | teor <teor2345@gmail.com> | 2014-12-25 23:42:38 +1100 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-12-30 09:06:00 -0500 |
| commit | 22a1e9cac18f69e6e14c0e84785460f2074d8575 (patch) | |
| tree | 1054e567c11787664a5646a02b1fa21f22b8fb10 | |
| parent | 2d199bdffecb83be684d8c7667d1880bd40243bc (diff) | |
| download | tor-22a1e9cac18f69e6e14c0e84785460f2074d8575.tar.gz tor-22a1e9cac18f69e6e14c0e84785460f2074d8575.zip | |
Avoid excluding guards from path building in minimal test networks
choose_good_entry_server() now excludes current entry
guards and their families, unless we're in a test network,
and excluding guards would exclude all nodes.
This typically occurs in incredibly small tor networks,
and those using TestingAuthVoteGuard *
This is an incomplete fix, but is no worse than the previous
behaviour, and only applies to minimal, testing tor networks
(so it's no less secure).
Discovered as part of #13718.
| -rw-r--r-- | changes/bug13718-avoid-excluding-guards | 8 | ||||
| -rw-r--r-- | src/or/circuitbuild.c | 13 |
2 files changed, 19 insertions, 2 deletions
diff --git a/changes/bug13718-avoid-excluding-guards b/changes/bug13718-avoid-excluding-guards new file mode 100644 index 0000000000..bf80d2a7e7 --- /dev/null +++ b/changes/bug13718-avoid-excluding-guards @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Avoid excluding guards from path building in minimal test networks, + when we're in a test network, and excluding guards would exclude + all nodes. This typically occurs in incredibly small tor networks, + and those using TestingAuthVoteGuard * + This fix only applies to minimal, testing tor networks, + so it's no less secure. + Discovered as part of #13718. diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 36ccdc9d5f..a834e7b7fc 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2053,9 +2053,18 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state) smartlist_add(excluded, (void*)node); }); } - /* and exclude current entry guards and their families, if applicable */ + /* and exclude current entry guards and their families, + * unless we're in a test network, and excluding guards + * would exclude all nodes (i.e. we're in an incredibly small tor network, + * or we're using TestingAuthVoteGuard *). + * This is an incomplete fix, but is no worse than the previous behaviour, + * and only applies to minimal, testing tor networks + * (so it's no less secure) */ /*XXXX025 use the using_as_guard flag to accomplish this.*/ - if (options->UseEntryGuards) { + if (options->UseEntryGuards + && (!options->TestingTorNetwork || + smartlist_len(nodelist_get_list()) > smartlist_len(get_entry_guards()) + )) { SMARTLIST_FOREACH(get_entry_guards(), const entry_guard_t *, entry, { if ((node = node_get_by_id(entry->identity))) { |