summaryrefslogtreecommitdiff
path: root/src/or/nodelist.h
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2017-06-28 11:41:50 -0400
committerNick Mathewson <nickm@torproject.org>2017-06-29 09:57:00 -0400
commit665baf5ed5c6186d973c46cdea165c0548027350 (patch)
treeb079326e84dd888dcea50f7192e5ccf319579f48 /src/or/nodelist.h
parenta242d194c74b318b8ee4b347efd09ed13d0d2549 (diff)
downloadtor-665baf5ed5c6186d973c46cdea165c0548027350.tar.gz
tor-665baf5ed5c6186d973c46cdea165c0548027350.zip
Consider the exit family when applying guard restrictions.
When the new path selection logic went into place, I accidentally dropped the code that considered the _family_ of the exit node when deciding if the guard was usable, and we didn't catch that during code review. This patch makes the guard_restriction_t code consider the exit family as well, and adds some (hopefully redundant) checks for the case where we lack a node_t for a guard but we have a bridge_info_t for it. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006 and CVE-2017-0377.
Diffstat (limited to 'src/or/nodelist.h')
-rw-r--r--src/or/nodelist.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/or/nodelist.h b/src/or/nodelist.h
index 8456d21c6c..4e5301df6b 100644
--- a/src/or/nodelist.h
+++ b/src/or/nodelist.h
@@ -94,6 +94,8 @@ int node_is_unreliable(const node_t *router, int need_uptime,
int router_exit_policy_all_nodes_reject(const tor_addr_t *addr, uint16_t port,
int need_uptime);
void router_set_status(const char *digest, int up);
+int addrs_in_same_network_family(const tor_addr_t *a1,
+ const tor_addr_t *a2);
/** router_have_minimum_dir_info tests to see if we have enough
* descriptor information to create circuits.