bridge: Don't initiate connection without a transport

Don't pick the bridge as the guard or launch descriptor fetch if no transport
is found.

Fixes #40106

Signed-off-by: David Goulet <dgoulet@torproject.org>

2 files changed, 12 insertions, 0 deletions

diff --git a/src/feature/client/bridges.c b/src/feature/client/bridges.c
index 8e2bb01661..11b2ffd62d 100644
--- a/src/feature/client/bridges.c
+++ b/src/feature/client/bridges.c
@@ -656,6 +656,15 @@ launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge)
       DIR_PURPOSE_FETCH_SERVERDESC))
     return; /* it's already on the way */
 
+  if (transport_get_by_name(bridget_get_transport_name(bridge)) == NULL) {
+    download_status_mark_impossible(&bridge->fetch_status);
+    log_warn(LD_CONFIG, "Can't use bridge at %s: there is no configured "
+             "transport called \"%s\".",
+             safe_str_client(fmt_and_decorate_addr(&bridge->addr)),
+             bridget_get_transport_name(bridge));
+    return; /* Can't use this bridge; it has not */
+  }
+
   if (routerset_contains_bridge(options->ExcludeNodes, bridge)) {
     download_status_mark_impossible(&bridge->fetch_status);
     log_warn(LD_APP, "Not using bridge at %s: it is in ExcludeNodes.",
diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c
index 82866ea668..2676df6aae 100644
--- a/src/feature/client/entrynodes.c
+++ b/src/feature/client/entrynodes.c
@@ -804,6 +804,9 @@ get_sampled_guard_for_bridge(guard_selection_t *gs,
   entry_guard_t *guard;
   if (BUG(!addrport))
     return NULL; // LCOV_EXCL_LINE
+  if (!transport_get_by_name(bridget_get_transport_name(bridge))) {
+    return NULL;
+  }
   guard = get_sampled_guard_by_bridge_addr(gs, addrport);
   if (! guard || (id && tor_memneq(id, guard->identity, DIGEST_LEN)))
     return NULL;