-rw-r--r-- | changes/bug4657 | 4 | ||||
-rw-r--r-- | src/or/config.c | 6 | ||||
-rw-r--r-- | src/or/router.c | 2 |
3 files changed, 11 insertions, 1 deletions
diff --git a/changes/bug4657 b/changes/bug4657
new file mode 100644
index 0000000000..4d9dd7d0a3
--- /dev/null
+++ b/changes/bug4657
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - If the configuration tries to set MyFamily on a bridge, refuse to
+ do so, and warn about the security implications. Fix for bug 4657;
+ bugfix on 0.2.0.3-alpha.
diff --git a/src/or/config.c b/src/or/config.c
index ce90c41154..090d96c155 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3936,6 +3936,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
 if (options->UseEntryGuards && ! options->NumEntryGuards)
 REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
+ if (options->MyFamily && options->BridgeRelay) {
+ log_warn(LD_CONFIG, "Listing a family for a bridge relay is not "
+ "supported: it can reveal bridge fingerprints to censors. "
+ "You should also make sure you aren't listing this bridge's "
+ "fingerprint in any other MyFamily.");
+ }
 if (check_nickname_list(options->MyFamily, "MyFamily", msg))
 return -1;
 for (cl = options->NodeFamilies; cl; cl = cl->next) {
diff --git a/src/or/router.c b/src/or/router.c
index b98bb39b1c..352c456f1f 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1598,7 +1598,7 @@ router_rebuild_descriptor(int force)
 ri->is_valid = ri->is_named = 1; /* believe in yourself */
 #endif
- if (options->MyFamily) {
+ if (options->MyFamily && ! options->BridgeRelay) {
 smartlist_t *family;
 if (!warned_nonexistent_family)
 warned_nonexistent_family = smartlist_new();
 |
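Review bot: The new MyFamily/BridgeRelay check in options_validate only calls log_warn and then falls through, so the configuration is still accepted even though the changes entry says Tor will "refuse to do so". The message also never tells the operator that the family is left out of the descriptor, which is what the router.c hunk does, so they may assume MyFamily is in effect. Either fail validation with `REJECT("Listing a family for a bridge relay is not supported: it can reveal bridge fingerprints to censors.");`, accepting that existing bridge configs with MyFamily would then stop loading, or keep the warning and append `"MyFamily will be ignored while BridgeRelay is set."`. options_validate begins and ends outside the hunk.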
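Review bot: The added `! options->BridgeRelay` test in router_rebuild_descriptor has no comment explaining why a bridge skips the family block, and the reason is security-relevant rather than obvious from the code. I would add above the `if`: `/* Bridges must not publish a family: it would link this bridge's fingerprint to other relays (bug 4657). */`. Without it, a later cleanup could mistake the condition for a duplicate of the check in options_validate, which only warns and does not stop the family from being set. The function body continues outside the hunk.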