author | David Goulet <dgoulet@torproject.org> | 2017-11-28 19:02:00 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-11-28 19:14:10 -0500 |
commit | 6ab07419c88e35c6d8610e20fb3cea16e39c8acd (patch) | |
tree | a2926efbd7f6c731c3f78600a27a3bd91592bc31 /changes | |
parent | 831d3b794da65b03be7e4fd107ba209d7211de76 (diff) | |
Use local descriptor object to exclude self in path selection

TROVE-2017-12. Severity: Medium

When choosing a random node for a circuit, directly use our router
descriptor to exclude ourself instead of the one in the global
descriptor list. That list could be empty because tor could be
downloading them which could lead to not excluding ourself.

Closes #21534
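
The failure mode described in the commit message, as an added illustration that is not Tor's code: every type and function name below is hypothetical and the sample relays are constructed. It shows how a self-exclusion built from a cache lookup fails open when the cache is empty, and how using the locally held descriptor removes that dependency.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; this is not Tor's code. */
#define ID_LEN 4
typedef struct { unsigned char id[ID_LEN]; } relay_t;
/* Descriptor cache: may be empty while descriptors are still downloading. */
typedef struct { const relay_t *items; size_t n; } cache_t;

static const relay_t *cache_find(const cache_t *c, const unsigned char *id) {
  for (size_t i = 0; i < c->n; i++)
    if (memcmp(c->items[i].id, id, ID_LEN) == 0)
      return &c->items[i];
  return NULL; /* our own descriptor has not been downloaded yet */
}

/* Before: the exclusion entry comes from a cache lookup. A miss returns
 * NULL, so nothing is excluded and the check fails open. */
const relay_t *exclude_self_before(const cache_t *c, const relay_t *me) {
  return cache_find(c, me->id);
}

/* After: the locally held descriptor is used, independent of the cache. */
const relay_t *exclude_self_after(const cache_t *c, const relay_t *me) {
  (void)c;
  return me;
}

/* Index of the first candidate at or after `start` (wrapping) that is not
 * excluded, or -1 if none. `start` stands in for the random draw. */
int pick_node(const relay_t *cand, size_t n, size_t start, const relay_t *ex) {
  for (size_t k = 0; k < n; k++) {
    size_t i = (start + k) % n;
    if (!ex || memcmp(cand[i].id, ex->id, ID_LEN) != 0)
      return (int)i;
  }
  return -1;
}

/* Constructed sample data: three candidates, the one at index 1 is us. */
static const relay_t CANDIDATES[3] = {{{1,1,1,1}}, {{2,2,2,2}}, {{3,3,3,3}}};
static const relay_t ME = {{2,2,2,2}};
static const cache_t EMPTY_CACHE = {NULL, 0};

int main(void) {
  const relay_t *b = exclude_self_before(&EMPTY_CACHE, &ME);
  const relay_t *a = exclude_self_after(&EMPTY_CACHE, &ME);
  printf("before: %d\n", pick_node(CANDIDATES, 3, 1, b)); /* picks ourselves */
  printf("after:  %d\n", pick_node(CANDIDATES, 3, 1, a)); /* skips ourselves */
  return 0;
}
```
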
Diffstat (limited to 'changes')
-rw-r--r-- | changes/trove-2017-012-part1 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1 new file mode 100644 index 0000000000..9fccc2cf65 --- /dev/null +++ b/changes/trove-2017-012-part1 @@ -0,0 +1,6 @@ + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never build a path through + ourselves, even in the case where we have somehow lost the version of + our descriptor appearing in the consensus. Fixes part of bug 21534; + bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. |
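
Review bot: The "Fixes part of bug 21534" wording on the fourth added line disagrees with the commit message, which says "Closes #21534". Since the file is named trove-2017-012-part1 and the entry itself says only part of the bug is fixed, the commit message should reference the ticket without closing it, or the entry should drop "part of". The tracker id is also written TROVE-2017-012 in the entry and TROVE-2017-12 in the commit message; use one form so a search on either finds both. Finally, "somehow lost the version of our descriptor appearing in the consensus" is vaguer than the commit message, which names the concrete case (the global descriptor list being empty while descriptors are downloading); stating that condition in the entry would tell relay operators when they were exposed.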