diff options
| author | Rasmus Dahlberg <rasmus@mullvad.net> | 2022-10-12 20:29:11 +0200 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2022-11-28 10:25:06 -0500 |
| commit | 15efc25fb502474b8a4f2ee8cb03bd5d185a3f47 (patch) | |
| tree | 498d3fe4c1453f406cd88a7dae81e412e610bfc3 /src/feature/relay/dns.c | |
| parent | be7afe658e5fc6745a369d6fb3fbc4bb6037da18 (diff) | |
| download | tor-15efc25fb502474b8a4f2ee8cb03bd5d185a3f47.tar.gz tor-15efc25fb502474b8a4f2ee8cb03bd5d185a3f47.zip | |
dns: Make TTLs fuzzy at exit relays
This change mitigates DNS-based website oracles by making the time that
a domain name is cached uncertain (+- 4 minutes of what's measurable).
Resolves TROVE-2021-009.
Fixes #40674
Diffstat (limited to 'src/feature/relay/dns.c')
| -rw-r--r-- | src/feature/relay/dns.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c index b15e5f30c7..8b684fd9eb 100644 --- a/src/feature/relay/dns.c +++ b/src/feature/relay/dns.c @@ -1637,7 +1637,7 @@ evdns_callback(int result, char type, int count, int ttl, void *addresses, } if (result != DNS_ERR_SHUTDOWN) dns_found_answer(string_address, orig_query_type, - result, &addr, hostname, clip_dns_ttl(ttl)); + result, &addr, hostname, clip_dns_fuzzy_ttl(ttl)); tor_free(arg_); } |