diff options
author | Nick Mathewson <nickm@torproject.org> | 2020-08-06 11:21:00 -0400 |
---|---|---|
committer | George Kadianakis <desnacked@riseup.net> | 2020-08-25 16:02:59 +0300 |
commit | 75772ea096e030ecc79f67b1444cac42aaed7449 (patch) | |
tree | 8e57eb6030219302ffbd92ce63d83e0000ebe9aa /changes/bug20165 | |
parent | afd88ee87fa27fd7f9d9f63222ac472cdd975f68 (diff) | |
download | tor-75772ea096e030ecc79f67b1444cac42aaed7449.tar.gz tor-75772ea096e030ecc79f67b1444cac42aaed7449.zip |
Validate address more carefully when checking self-reachability
Previously, we would treat *any* incoming circuit on a non-local
channel as meaning that our ORPort was reachable. With this patch,
we make sure that the address that the peer _says_ we have is the
same as the one we're trying to advertise right now.
Closes 20165. Bugfix on 4f5192b2803c706 in 0.1.0.1-rc, when
reachability self-tests were first introduced.
Diffstat (limited to 'changes/bug20165')
-rw-r--r-- | changes/bug20165 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/bug20165 b/changes/bug20165 new file mode 100644 index 0000000000..bbe9f00032 --- /dev/null +++ b/changes/bug20165 @@ -0,0 +1,6 @@ + o Minor bugfixes (self-testing): + - When receiving an incoming circuit, only accept it as evidence that we + are reachable if the declared address of its channel is the same + address we think that we have. Otherwise, it could be evidence that + we're reachable on some other address. Fixes bug 20165; bugfix on + 0.1.0.1-rc. |