Merge branch 'maint-0.2.8' into release-0.2.8

5 files changed, 26 insertions, 10 deletions

diff --git a/changes/bug19973 b/changes/bug19973
new file mode 100644
index 0000000000..7bd5c554f9
--- /dev/null
+++ b/changes/bug19973
@@ -0,0 +1,6 @@
+  o Major bugfixes (client, security):
+    - Only use the ReachableAddresses option to restrict the first hop
+      in a path. Previously, it would apply to every hop in the path,
+      with a possible degredation in anonymity for anyone using an
+      uncommon ReachableAddress setting. Fixes bug 19973; bugfix on
+      0.2.8.2-alpha.
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 820724adea..28d286cd72 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1777,6 +1777,8 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags,
   const node_t *rp_node = NULL;
   const int allow_invalid = (flags & CRN_ALLOW_INVALID) != 0;
   const int need_desc = (flags & CRN_NEED_DESC) != 0;
+  const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
+  const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
 
   smartlist_t *whitelisted_live_rps = smartlist_new();
   smartlist_t *all_live_nodes = smartlist_new();
@@ -1787,7 +1789,9 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags,
   router_add_running_nodes_to_smartlist(all_live_nodes,
                                         allow_invalid,
                                         0, 0, 0,
-                                        need_desc, 0);
+                                        need_desc,
+                                        pref_addr,
+                                        direct_conn);
 
   /* Filter all_live_nodes to only add live *and* whitelisted RPs to
    * the list whitelisted_live_rps. */
@@ -2155,7 +2159,8 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state)
   const or_options_t *options = get_options();
   /* If possible, choose an entry server with a preferred address,
    * otherwise, choose one with an allowed address */
-  router_crn_flags_t flags = CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR;
+  router_crn_flags_t flags = (CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR|
+                              CRN_DIRECT_CONN);
   const node_t *node;
 
   if (state && options->UseEntryGuards &&
diff --git a/src/or/or.h b/src/or/or.h
index 2252f38161..da84128530 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -5255,7 +5255,10 @@ typedef enum {
   CRN_WEIGHT_AS_EXIT = 1<<5,
   CRN_NEED_DESC = 1<<6,
   /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */
-  CRN_PREF_ADDR = 1<<7
+  CRN_PREF_ADDR = 1<<7,
+  /* On clients, only provide nodes that we can connect to directly, based on
+   * our firewall rules */
+  CRN_DIRECT_CONN = 1<<8
 } router_crn_flags_t;
 
 /** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index c3588726f7..64baf4d709 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2017,7 +2017,7 @@ void
 router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
                                       int need_uptime, int need_capacity,
                                       int need_guard, int need_desc,
-                                      int pref_addr)
+                                      int pref_addr, int direct_conn)
 {
   const int check_reach = !router_skip_or_reachability(get_options(),
                                                        pref_addr);
@@ -2032,10 +2032,10 @@ router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
       continue;
     if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
       continue;
-    /* Choose a node with an OR address that matches the firewall rules */
-    if (check_reach && !fascist_firewall_allows_node(node,
-                                                     FIREWALL_OR_CONNECTION,
-                                                     pref_addr))
+    /* Choose a node with an OR address that matches the firewall rules,
+     * if we are making a direct connection */
+    if (direct_conn && check_reach &&
+        !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr))
       continue;
 
     smartlist_add(sl, (void *)node);
@@ -2515,6 +2515,7 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
   const int weight_for_exit = (flags & CRN_WEIGHT_AS_EXIT) != 0;
   const int need_desc = (flags & CRN_NEED_DESC) != 0;
   const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
+  const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
 
   smartlist_t *sl=smartlist_new(),
     *excludednodes=smartlist_new();
@@ -2540,7 +2541,8 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
 
   router_add_running_nodes_to_smartlist(sl, allow_invalid,
                                         need_uptime, need_capacity,
-                                        need_guard, need_desc, pref_addr);
+                                        need_guard, need_desc, pref_addr,
+                                        direct_conn);
   log_debug(LD_CIRC,
            "We found %d running nodes.",
             smartlist_len(sl));
diff --git a/src/or/routerlist.h b/src/or/routerlist.h
index 67cc253c5a..cb5b42a3b8 100644
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@ -62,7 +62,7 @@ int routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2);
 void router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
                                            int need_uptime, int need_capacity,
                                            int need_guard, int need_desc,
-                                           int pref_addr);
+                                           int pref_addr, int direct_conn);
 
 const routerinfo_t *routerlist_find_my_routerinfo(void);
 uint32_t router_get_advertised_bandwidth(const routerinfo_t *router);