don't use old non-configured bridges (bug 2511)

1 files changed, 13 insertions, 0 deletions

diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 6d6386292f..bbd08f39ef 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -3314,6 +3314,19 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
     return ROUTER_NOT_IN_CONSENSUS;
   }
 
+  /* If we're reading a bridge descriptor from our cache, and we don't
+   * recognize it as one of our currently configured bridges, drop the
+   * descriptor. Otherwise we could end up using it as one of our entry
+   * guards even if it isn't in our Bridge config lines. */
+  if (router->purpose == ROUTER_PURPOSE_BRIDGE && from_cache &&
+      !routerinfo_is_a_configured_bridge(router)) {
+    log_info(LD_DIR, "Dropping bridge descriptor for '%s' because we have "
+             "no bridge configured at that address.", router->nickname);
+    *msg = "Router descriptor was not a configured bridge.";
+    routerinfo_free(router);
+    return ROUTER_WAS_NOT_NEW;
+  }
+
   /* If we have a router with the same identity key, choose the newer one. */
   if (old_router) {
     if (!in_consensus && (router->cache_info.published_on <=