From f367453cb5a9ea5cb0d5664425256d7abbcbb407 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 27 Jun 2017 12:01:46 -0400 Subject: Mark descriptors as undownloadable when dirserv_add_() rejects them As of ac2f6b608a18a8595f62384788196d7c3f2875fd in 0.2.1.19-alpha, Sebastian fixed bug 888 by marking descriptors as "impossible" by digest if they got rejected during the router_load_routers_from_string() phase. This fix stopped clients and relays from downloading the same thing over and over. But we never made the same change for descriptors rejected during dirserv_add_{descriptor,extrainfo}. Instead, we tried to notice in advance that we'd reject them with dirserv_would_reject(). This notice-in-advance check stopped working once we added key-pinning and didn't make a corresponding key-pinning change to dirserv_would_reject() [since a routerstatus_t doesn't include an ed25519 key]. So as a fix, let's make the dirserv_add_*() functions mark digests as undownloadable when they are rejected. Fixes bug 22349; I am calling this a fix on 0.2.1.19-alpha, though you could also argue for it being a fix on 0.2.7.2-alpha. --- changes/bug22349 | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 changes/bug22349 (limited to 'changes') diff --git a/changes/bug22349 b/changes/bug22349 new file mode 100644 index 0000000000..bb43404bfe --- /dev/null +++ b/changes/bug22349 @@ -0,0 +1,9 @@ + o Minor bugfixes (directory authority): + - When a directory authority rejects a descriptor or extrainfo with + a given digest, mark that digest as undownloadable, so that we + do not attempt to download it again over and over. We previously + tried to avoid downloading such descriptors by other means, but + we didn't notice if we accidentally downloaded one anyway. This + behavior became problematic in 0.2.7.2-alpha, when authorities + began pinning Ed25519 keys. Fixes ticket + 22349; bugfix on 0.2.1.19-alpha. -- cgit v1.2.3-54-g00ecf