8 files changed, 48 insertions, 6 deletions

diff --git a/src/or/bridges.c b/src/or/bridges.c
index 88154c6c8a..0b4588307c 100644
--- a/src/or/bridges.c
+++ b/src/or/bridges.c
@@ -547,6 +547,7 @@ static void
 launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge)
 {
   const or_options_t *options = get_options();
+  circuit_guard_state_t *guard_state = NULL;
 
   if (connection_get_by_type_addr_port_purpose(
       CONN_TYPE_DIR, &bridge->addr, bridge->port,
@@ -570,12 +571,15 @@ launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge)
     return;
   }
 
+  guard_state = get_guard_state_for_bridge_desc_fetch(bridge->identity);
+
   directory_initiate_command(&bridge->addr, bridge->port,
                              NULL, 0, /*no dirport*/
                              bridge->identity,
                              DIR_PURPOSE_FETCH_SERVERDESC,
                              ROUTER_PURPOSE_BRIDGE,
-                             DIRIND_ONEHOP, "authority.z", NULL, 0, 0);
+                             DIRIND_ONEHOP, "authority.z", NULL, 0, 0,
+                             guard_state);
 }
 
 /** Fetching the bridge descriptor from the bridge authority returned a
diff --git a/src/or/directory.c b/src/or/directory.c
index 70437fe755..edd07af95c 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -1131,6 +1131,7 @@ directory_command_should_use_begindir(const or_options_t *options,
  * <b>router_purpose</b>, making an (in)direct connection as specified in
  * <b>indirection</b>, with command <b>resource</b>, <b>payload</b> of
  * <b>payload_len</b>, and asking for a result only <b>if_modified_since</b>.
+ * If <b>guard_state</b> is set, assign it to the directory circuit.
  */
 void
 directory_initiate_command(const tor_addr_t *or_addr, uint16_t or_port,
@@ -1139,7 +1140,8 @@ directory_initiate_command(const tor_addr_t *or_addr, uint16_t or_port,
                            uint8_t dir_purpose, uint8_t router_purpose,
                            dir_indirection_t indirection, const char *resource,
                            const char *payload, size_t payload_len,
-                           time_t if_modified_since)
+                           time_t if_modified_since,
+                           circuit_guard_state_t *guard_state)
 {
   tor_addr_port_t or_ap, dir_ap;
 
@@ -1166,7 +1168,7 @@ directory_initiate_command(const tor_addr_t *or_addr, uint16_t or_port,
                              digest, dir_purpose,
                              router_purpose, indirection,
                              resource, payload, payload_len,
-                             if_modified_since, NULL, NULL);
+                             if_modified_since, NULL, guard_state);
 }
 
 /** Same as directory_initiate_command(), but accepts rendezvous data to
diff --git a/src/or/directory.h b/src/or/directory.h
index 8be1f8e76e..1459c3bbdb 100644
--- a/src/or/directory.h
+++ b/src/or/directory.h
@@ -79,7 +79,8 @@ void directory_initiate_command(const tor_addr_t *or_addr, uint16_t or_port,
                                 dir_indirection_t indirection,
                                 const char *resource,
                                 const char *payload, size_t payload_len,
-                                time_t if_modified_since);
+                                time_t if_modified_since,
+                                struct circuit_guard_state_t *guard_state);
 
 #define DSR_HEX       (1<<0)
 #define DSR_BASE64    (1<<1)
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index ccb080880c..cdebf2e43e 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -2977,6 +2977,34 @@ entry_guard_get_by_id_digest(const char *digest)
       get_guard_selection_info(), digest);
 }
 
+/** We are about to connect to bridge with identity <b>digest</b> to fetch its
+ *  descriptor. Create a new guard state for this connection and return it. */
+circuit_guard_state_t *
+get_guard_state_for_bridge_desc_fetch(const char *digest)
+{
+  circuit_guard_state_t *guard_state = NULL;
+  entry_guard_t *guard = NULL;
+
+  guard = entry_guard_get_by_id_digest_for_guard_selection(
+                                    get_guard_selection_info(), digest);
+  if (!guard) {
+    return NULL;
+  }
+
+  /* Update the guard last_tried_to_connect time since it's checked by the
+   * guard susbsystem. */
+  guard->last_tried_to_connect = approx_time();
+
+  /* Create the guard state */
+  guard_state = tor_malloc_zero(sizeof(circuit_guard_state_t));
+  guard_state->guard = entry_guard_handle_new(guard);
+  guard_state->state = GUARD_CIRC_STATE_USABLE_ON_COMPLETION;
+  guard_state->state_set_at = approx_time();
+  guard_state->restrictions = NULL;
+
+  return guard_state;
+}
+
 /** Release all storage held by <b>e</b>. */
 STATIC void
 entry_guard_free(entry_guard_t *e)
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index 6ccc48f32f..32cfff73be 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -324,6 +324,10 @@ const node_t *guards_choose_dirguard(circuit_guard_state_t **guard_state_out);
 entry_guard_t *entry_guard_get_by_id_digest_for_guard_selection(
     guard_selection_t *gs, const char *digest);
 entry_guard_t *entry_guard_get_by_id_digest(const char *digest);
+
+circuit_guard_state_t *
+get_guard_state_for_bridge_desc_fetch(const char *digest);
+
 void entry_guards_changed_for_guard_selection(guard_selection_t *gs);
 void entry_guards_changed(void);
 guard_selection_t * get_guard_selection_info(void);
diff --git a/src/or/router.c b/src/or/router.c
index f6b03cde27..2707e028b8 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1391,7 +1391,8 @@ consider_testing_reachability(int test_or, int test_dir)
                                me->cache_info.identity_digest,
                                DIR_PURPOSE_FETCH_SERVERDESC,
                                ROUTER_PURPOSE_GENERAL,
-                               DIRIND_ANON_DIRPORT, "authority.z", NULL, 0, 0);
+                               DIRIND_ANON_DIRPORT, "authority.z",
+                               NULL, 0, 0, NULL);
   }
 }
 
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 45b3838792..b68db750c3 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -961,7 +961,7 @@ authority_certs_fetch_resource_impl(const char *resource,
                                DIR_PURPOSE_FETCH_CERTIFICATE,
                                0,
                                indirection,
-                               resource, NULL, 0, 0);
+                               resource, NULL, 0, 0, NULL);
     return;
   }
 
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 98167d44f8..0336c035b4 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -4894,6 +4894,8 @@ tor_version_parse(const char *s, tor_version_t *out)
 
 #define NUMBER(m)                               \
   do {                                          \
+    if (!cp || *cp < '0' || *cp > '9')          \
+      return -1;                                \
     out->m = (int)tor_parse_uint64(cp, 10, 0, INT32_MAX, &ok, &eos);    \
     if (!ok)                                    \
       return -1;                                \