-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | doc/tor.1.in | 2 | ||||
-rw-r--r-- | src/or/connection_edge.c | 8 | ||||
-rw-r--r-- | src/or/rendservice.c | 6 | ||||
-rw-r--r-- | src/or/routerparse.c | 4 |
5 files changed, 19 insertions, 5 deletions
@@ -13,6 +13,8 @@ Changes in version 0.2.2.2-alpha - 2009-09-?? Found by Matt Edman. Bugfix on 0.2.0.16-alpha. - Fix parsing for memory or time units given without a space between the number and the unit. Bugfix on 0.2.2.1-alpha; fixes bug 1076. + - A networkstatus vote must contain exactly one signature. Spec + conformance issue. Bugfix on 0.2.0.3-alpha. Changes in version 0.2.2.1-alpha - 2009-08-26
@@ -163,6 +165,8 @@ Changes in version 0.2.1.20 - 2009-??-?? excluded in ExcludeExitNodes, but the circuit is not used to access the outside world. This should help fix bug 1090. Bugfix on 0.2.1.6-alpha. + - Teach connection_ap_can_use_exit to respect the Exclude*Nodes config + options. Should fix bug 1090. Bugfix on 0.0.2-pre16. o Minor features: - Add a "getinfo status/accepted-server-descriptor" controller
diff --git a/doc/tor.1.in b/doc/tor.1.in
index b6e35f8bdd..a4dac0e077 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -1519,7 +1519,7 @@ The most recently downloaded network status document for each authority. Each f .LP .TP .B \fIDataDirectory\fB/cached-descriptors\fR and \fBcached-descriptors.new\fR -These files hold downloaded router statuses. Some routers may appear more than once; if so, the most recently published descriptor is used. Lines beginning with @-signs are annotations that contain more information about a given router. The ".new" file is an append-only journal; when it gets too large, all entries are merged into a new cached-routers file. +These files hold downloaded router statuses. Some routers may appear more than once; if so, the most recently published descriptor is used. Lines beginning with @-signs are annotations that contain more information about a given router. The ".new" file is an append-only journal; when it gets too large, all entries are merged into a new cached-descriptors file. .LP .TP .B \fIDataDirectory\fB/cached-routers\fR and \fBcached-routers.new\fR
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index f25202725e..478bdf2b24 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2838,11 +2838,13 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn) /** Return 1 if router <b>exit</b> is likely to allow stream <b>conn</b> * to exit from it, or 0 if it probably will not allow it. * (We might be uncertain if conn's destination address has not yet been - * resolved.) + * resolved.) If the router is in the list of excluded nodes, also return 0; */ int connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) { + or_options_t *options = get_options(); + tor_assert(conn); tor_assert(conn->_base.type == CONN_TYPE_AP); tor_assert(conn->socks_request);
@@ -2888,6 +2890,10 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) if (!conn->chosen_exit_name && policy_is_reject_star(exit->exit_policy)) return 0; } + if (options->_ExcludeExitNodesUnion && + routerset_contains_router(options->_ExcludeExitNodesUnion, exit)) + return 0; + return 1; }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 71cf762b6f..7ae6009958 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -921,7 +921,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request, len = r; if (*buf == 3) { /* Version 3 INTRODUCE2 cell. */ - time_t ts = 0, now = time(NULL); + time_t ts = 0; v3_shift = 1; auth_type = buf[1]; switch (auth_type) {
@@ -1100,7 +1100,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request, circ_needs_uptime = rend_service_requires_uptime(service); /* help predict this next time */ - rep_hist_note_used_internal(time(NULL), circ_needs_uptime, 1); + rep_hist_note_used_internal(now, circ_needs_uptime, 1); /* Launch a circuit to alice's chosen rendezvous point. */
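Review bot: The new `_ExcludeExitNodesUnion` test at the end of connection_ap_can_use_exit runs even when `conn->chosen_exit_name` is set, whereas the reject-star test just above it is skipped in that case, and neither the code nor the updated doc comment says which of the two should win. If exclusion is meant to override an explicitly named exit, a comment on the new block would make that a stated decision, e.g. `/* Excluded exits are refused even when the stream named this exit explicitly. */`; if it is not, the condition needs `!conn->chosen_exit_name &&` in front. The doc-comment sentence added in the first hunk also ends in a stray `;` and could name the options it refers to. Most of the function body lies outside these two hunks, so the earlier return paths were not reviewed.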
@@ -1136,7 +1136,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request, launched->build_state->pending_final_cpath = cpath = tor_malloc_zero(sizeof(crypt_path_t)); cpath->magic = CRYPT_PATH_MAGIC; - launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT; + launched->build_state->expiry_time = now + MAX_REND_TIMEOUT; cpath->dh_handshake_state = dh; dh = NULL;
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 4f88603c33..e35ece06de 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -2655,6 +2655,10 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, if (! n_signatures) { log_warn(LD_DIR, "No signatures on networkstatus vote."); goto err; + } else if (ns->type == NS_TYPE_VOTE && n_signatures != 1) { + log_warn(LD_DIR, "Received more than one signature on a " + "network-status vote."); + goto err; } if (eos_out) |
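Review bot: The warning added in networkstatus_parse_vote_from_string for `ns->type == NS_TYPE_VOTE && n_signatures != 1` says "more than one signature", which is accurate only because the zero case is caught by the branch directly above it. Reporting the count would keep the message correct if that ordering changes and would give an operator more to go on when a vote is rejected, e.g. `log_warn(LD_DIR, "Expected exactly one signature on a network-status vote; found %d.", n_signatures);` (assuming `n_signatures` is an `int`; its declaration is outside the hunk). The check is limited to `NS_TYPE_VOTE`, so if this parser also handles other single-signer document types it is worth confirming they are meant to be exempt. The function continues past the end of the hunk.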