author | David Goulet <dgoulet@torproject.org> | 2018-02-13 10:29:41 -0500 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2018-02-13 10:35:41 -0500 |
commit | 4fe4f8179fe81244319c7fdec64299b6506434a2 (patch) | |
tree | 7f9995241419b200b25cdf7a81554f80eaa3cae1 | |
parent | 1555946e202fef523b35e169c90892b57caea766 (diff) | |
dos: Don't set consensus param if we aren't a public relay

We had this safeguard around dos_init() but not when the consensus changes
which can modify consensus parameters and possibly enable the DoS mitigation
even if tor wasn't a public relay.

Fixes #25223

Signed-off-by: David Goulet <dgoulet@torproject.org>

-rw-r--r-- | changes/bug25223 | 3 |
-rw-r--r-- | src/or/dos.c | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/changes/bug25223 b/changes/bug25223 new file mode 100644 index 0000000000..2a7eb6b25d --- /dev/null +++ b/changes/bug25223 @@ -0,0 +1,3 @@ + o Minor bugfixes (DoS mitigation): + - Make sure we don't modify consensus parameters if we aren't a public + relay when a new consensus arrives. Fixes bug 25223. diff --git a/src/or/dos.c b/src/or/dos.c index 9e8a7a9abe..bfa415e7b5 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -738,6 +738,14 @@ dos_close_client_conn(const or_connection_t *or_conn) void dos_consensus_has_changed(const networkstatus_t *ns) { + /* There are two ways to configure this subsystem, one at startup through + * dos_init() which is called when the options are parsed. And this one + * through the consensus. We don't want to enable any DoS mitigation if we + * aren't a public relay. */ + if (!public_server_mode(get_options())) { + return; + } + cc_consensus_has_changed(ns); conn_consensus_has_changed(ns); |
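
Review bot: The changes/bug25223 entry says the relay would "modify consensus parameters", but what the src/or/dos.c hunk guards is applying consensus parameters to the DoS subsystem; a relay does not modify the consensus itself. Suggest wording along the lines of "Make sure we don't apply the DoS mitigation consensus parameters if we aren't a public relay when a new consensus arrives." The entry also gives only "Fixes bug 25223." with no indication of which release introduced the behaviour; stating that makes backport decisions easier.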
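
Review bot: In dos_consensus_has_changed(), the new early return on !public_server_mode(get_options()) skips cc_consensus_has_changed(ns) and conn_consensus_has_changed(ns) entirely, so it blocks disabling the mitigation as well as enabling it, while the comment only speaks of not enabling. If tor was a public relay when an earlier consensus turned the mitigation on and has since stopped being one, nothing in this function turns it back off; either confirm that the options-change path through dos_init() covers that transition or say so in the comment. Since the commit message notes that the same safeguard already exists around dos_init(), consider putting the check in one helper that both entry points call so the two cannot drift apart again, and add a unit test that calls dos_consensus_has_changed() with public_server_mode() returning false.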