authorRoger Dingledine <arma@torproject.org>2011-09-28 14:50:43 -0400
committerRoger Dingledine <arma@torproject.org>2011-09-28 14:50:43 -0400
commit0b5d2646d56fe351b8b2b4bc97bbad30cb34b6d4 (patch)
treeae059342c1891e2c208ace3b890492bcb06f9521
parent1c2e4d13366aee5f0107696e4d621b924a6f39a6 (diff)
bug 4115: make bridges use begindir for their dir fetches
removes another avenue for enumerating bridges.
-rw-r--r--changes/bug41157
-rw-r--r--src/or/directory.c3
2 files changed, 8 insertions, 2 deletions
diff --git a/changes/bug4115 b/changes/bug4115
new file mode 100644
index 0000000000..626791a806
--- /dev/null
+++ b/changes/bug4115
@@ -0,0 +1,7 @@
+ o Security fixes:
+ - Bridge relays now do their directory fetches inside Tor TLS
+ connections, like all the other clients do, rather than connecting
+ directly to the DirPort like public relays do. Removes another
+ avenue for enumerating bridges. Fixes part of bug 4115; bugfix
+ on 0.2.0.35.
+
diff --git a/src/or/directory.c b/src/or/directory.c
index 52fec6b61a..e3cc70f91f 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -785,8 +785,7 @@ directory_command_should_use_begindir(or_options_t *options,
return 0; /* We don't know an ORPort -- no chance. */
if (!anonymized_connection)
if (!fascist_firewall_allows_address_or(addr, or_port) ||
- directory_fetches_from_authorities(options) ||
- (server_mode(options) && !options->Address))
+ directory_fetches_from_authorities(options))
return 0; /* We're firewalled or are acting like a relay -- also no. */
if (!options->TunnelDirConns &&
router_purpose != ROUTER_PURPOSE_BRIDGE)
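Review bot: With the `server_mode(options) && !options->Address` clause gone, whether a bridge can still fall back to a direct DirPort fetch depends on `directory_fetches_from_authorities(options)` and on the `!options->TunnelDirConns` test that follows, and nothing in the visible lines makes either one bridge-aware. The definition of directory_fetches_from_authorities() and the statement after the TunnelDirConns condition are both outside the hunk, so this needs confirming there: if either can yield a direct connection for a node running as a bridge, the enumeration avenue named in the changes entry stays open for that configuration. The surviving comment should also record why the clause was dropped so it is not reintroduced later, e.g. `/* Don't test server_mode() here: bridges are servers too, and a direct DirPort fetch makes them stand out from clients (bug 4115). */`. The function begins before this hunk and continues past it.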