Merge remote-tracking branch 'dgoulet/bug21155_031_02'

2 files changed, 19 insertions, 0 deletions

diff --git a/changes/bug21155 b/changes/bug21155
new file mode 100644
index 0000000000..f2a34dbd0f
--- /dev/null
+++ b/changes/bug21155
@@ -0,0 +1,5 @@
+  o Minor bugfixes (hidden service, logging):
+    - Warn user if multiple entries in  EntryNodes and at least one
+      HiddenService are used together. Pinning EntryNodes along with an hidden
+      service can be possibly harmful for instance see ticket 14917 or 21155.
+      Closes bug 21155.
diff --git a/src/or/config.c b/src/or/config.c
index 7ae40053ee..809ff499fc 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3510,6 +3510,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
     return -1;
   }
 
+  /* Inform the hidden service operator that pinning EntryNodes can possibly
+   * be harmful for the service anonymity. */
+  if (options->EntryNodes &&
+      routerset_is_list(options->EntryNodes) &&
+      (options->RendConfigLines != NULL)) {
+    log_warn(LD_CONFIG,
+             "EntryNodes is set with multiple entries and at least one "
+             "hidden service is configured. Pinning entry nodes can possibly "
+             "be harmful to the service anonymity. Because of this, we "
+             "recommend you either don't do that or make sure you know what "
+             "you are doing. For more details, please look at "
+             "https://trac.torproject.org/projects/tor/ticket/21155.");
+  }
+
   /* Single Onion Services: non-anonymous hidden services */
   if (rend_service_non_anonymous_mode_enabled(options)) {
     log_warn(LD_CONFIG,