2 files changed, 19 insertions, 2 deletions

diff --git a/changes/bug13718-avoid-excluding-guards b/changes/bug13718-avoid-excluding-guards
new file mode 100644
index 0000000000..bf80d2a7e7
--- /dev/null
+++ b/changes/bug13718-avoid-excluding-guards
@@ -0,0 +1,8 @@
+  o Minor bugfixes:
+    - Avoid excluding guards from path building in minimal test networks,
+      when we're in a test network, and excluding guards would exclude
+      all nodes. This typically occurs in incredibly small tor networks,
+      and those using TestingAuthVoteGuard *
+      This fix only applies to minimal, testing tor networks,
+      so it's no less secure.
+      Discovered as part of #13718.
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 36ccdc9d5f..a834e7b7fc 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2053,9 +2053,18 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state)
         smartlist_add(excluded, (void*)node);
     });
   }
-  /* and exclude current entry guards and their families, if applicable */
+  /* and exclude current entry guards and their families,
+   * unless we're in a test network, and excluding guards
+   * would exclude all nodes (i.e. we're in an incredibly small tor network,
+   * or we're using TestingAuthVoteGuard *).
+   * This is an incomplete fix, but is no worse than the previous behaviour,
+   * and only applies to minimal, testing tor networks
+   * (so it's no less secure) */
   /*XXXX025 use the using_as_guard flag to accomplish this.*/
-  if (options->UseEntryGuards) {
+  if (options->UseEntryGuards
+      && (!options->TestingTorNetwork ||
+          smartlist_len(nodelist_get_list()) > smartlist_len(get_entry_guards())
+     )) {
     SMARTLIST_FOREACH(get_entry_guards(), const entry_guard_t *, entry,
       {
         if ((node = node_get_by_id(entry->identity))) {