From 665baf5ed5c6186d973c46cdea165c0548027350 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 28 Jun 2017 11:41:50 -0400 Subject: Consider the exit family when applying guard restrictions. When the new path selection logic went into place, I accidentally dropped the code that considered the _family_ of the exit node when deciding if the guard was usable, and we didn't catch that during code review. This patch makes the guard_restriction_t code consider the exit family as well, and adds some (hopefully redundant) checks for the case where we lack a node_t for a guard but we have a bridge_info_t for it. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-006 and CVE-2017-0377. --- src/or/nodelist.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/or/nodelist.h') diff --git a/src/or/nodelist.h b/src/or/nodelist.h index 8456d21c6c..4e5301df6b 100644 --- a/src/or/nodelist.h +++ b/src/or/nodelist.h @@ -94,6 +94,8 @@ int node_is_unreliable(const node_t *router, int need_uptime, int router_exit_policy_all_nodes_reject(const tor_addr_t *addr, uint16_t port, int need_uptime); void router_set_status(const char *digest, int up); +int addrs_in_same_network_family(const tor_addr_t *a1, + const tor_addr_t *a2); /** router_have_minimum_dir_info tests to see if we have enough * descriptor information to create circuits. -- cgit v1.2.3-54-g00ecf
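Review bot: the new declaration `addrs_in_same_network_family(const tor_addr_t *a1, const tor_addr_t *a2)` in the `@@ -94,6 +94,8 @@` hunk of src/or/nodelist.h does not make its return convention visible. It returns a plain `int`, and nothing in this header says whether nonzero means "same family" or what happens when the two addresses are of different address types (IPv4 versus IPv6) or when either pointer is NULL. Since the commit message says the guard restriction code now relies on this to decide whether a guard is usable, a caller that misreads the result would reintroduce the bug being fixed. Make sure the definition carries a doc comment stating the true/false meaning and the mixed-type behaviour. This view is limited to nodelist.h, so the definition and the new call sites in the guard_restriction_t code cannot be checked from here. Review them together with this hunk, in particular the path the commit message describes where there is no node_t for the guard but there is a bridge_info_t.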