From 5145b503a248d45e38f4f15aa3c6bd7f20604d69 Mon Sep 17 00:00:00 2001
From: Roger Dingledine
Date: Fri, 15 Dec 2006 00:07:50 +0000
Subject: - Stop sending the HttpProxyAuthenticator string to directory servers when directory connections are tunnelled through Tor.

svn:r9110
---
 ChangeLog | 4 +++-
 src/or/directory.c | 10 +++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c163bac68d..1dab2993e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
-Changes in version 0.1.1.26 - 200?-??-??
+Changes in version 0.1.1.26 - 2006-12-14
 o Security bugfixes:
+ - Stop sending the HttpProxyAuthenticator string to directory
+ servers when directory connections are tunnelled through Tor.
 - Do not log introduction points for hidden services if SafeLogging is set.
diff --git a/src/or/directory.c b/src/or/directory.c
index 5858cea24f..670893da56 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -39,7 +39,7 @@ directory_initiate_command(const char *address, uint32_t addr, uint16_t port,
 static void
 directory_send_command(connection_t *conn, const char *platform,
- int purpose, const char *resource,
+ int purpose, int direct, const char *resource,
 const char *payload, size_t payload_len);
 static int directory_handle_command(connection_t *conn);
 static int body_is_plausible(const char *body, size_t body_len, int purpose);
@@ -403,7 +403,7 @@ directory_initiate_command(const char *address, uint32_t addr,
 /* fall through */
 case 0:
 /* queue the command on the outbuf */
- directory_send_command(conn, platform, purpose, resource,
+ directory_send_command(conn, platform, purpose, 1, resource,
 payload, payload_len);
 connection_watch_events(conn, EV_READ | EV_WRITE);
 /* writable indicates finish, readable indicates broken link,
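Review bot: The bare `1` passed for the new `direct` argument in the `case 0:` call, and the bare `0` in the @@ -428 hunk, say nothing at the call site about what they control, yet this flag now decides whether the HTTP proxy lines and HttpProxyAuthenticator are added to the request. A wrong literal on the tunnelled path would silently bring the credential disclosure back, so I would annotate both calls, e.g. `directory_send_command(conn, platform, purpose, 1 /* direct: HttpProxy applies */, resource,` and `0 /* tunnelled through Tor: no proxy lines */` for the other one. directory_initiate_command starts and ends outside both hunks, so which branch is the tunnelled one is inferred from the commit message, not visible here.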
@@ -428,7 +428,7 @@ directory_initiate_command(const char *address, uint32_t addr,
 }
 conn->state = DIR_CONN_STATE_CLIENT_SENDING;
 /* queue the command on the outbuf */
- directory_send_command(conn, platform, purpose, resource,
+ directory_send_command(conn, platform, purpose, 0, resource,
 payload, payload_len);
 connection_watch_events(conn, EV_READ | EV_WRITE);
 }
@@ -439,7 +439,7 @@ directory_initiate_command(const char *address, uint32_t addr,
 */
 static void
 directory_send_command(connection_t *conn, const char *platform,
- int purpose, const char *resource,
+ int purpose, int direct, const char *resource,
 const char *payload, size_t payload_len)
 {
 char proxystring[256];
@@ -466,7 +466,7 @@ directory_send_command(connection_t *conn, const char *platform,
 }
 /* come up with some proxy lines, if we're using one. */
- if (get_options()->HttpProxy) {
+ if (direct && get_options()->HttpProxy) {
 char *base64_authenticator=NULL;
 const char *authenticator = get_options()->HttpProxyAuthenticator;
-- 
cgit v1.2.3-54-g00ecf
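Review bot: The new `direct` parameter in the definition of directory_send_command is undocumented. The doc comment that closes with ` */` just above the signature begins outside this hunk, so whether it already mentions the flag cannot be seen here. I would add a sentence to it such as `If direct is false the request is being tunnelled through Tor: no HTTP proxy lines and no HttpProxyAuthenticator data may be added, because the far end is the directory server, not the local proxy.` That records the security reason for the flag next to the code that enforces it.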
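Review bot: With `direct` false the new test `if (direct && get_options()->HttpProxy) {` skips this branch even when HttpProxy is configured, so the not-taken path must leave `proxystring` (declared without an initialiser as `char proxystring[256];`) and any proxy-auth buffer empty before the request is formatted. That path is outside the hunk, so please confirm it covers the tunnelled case and not only the no-proxy case. The comment above the test is now stale; I would change it to `/* come up with some proxy lines, if we're using one and this is a direct (non-tunnelled) connection. */`.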