From 6ab07419c88e35c6d8610e20fb3cea16e39c8acd Mon Sep 17 00:00:00 2001 From: David Goulet Date: Tue, 28 Nov 2017 19:02:00 -0500 Subject: Use local descriptor object to exclude self in path selection TROVE-2017-12. Severity: Medium When choosing a random node for a circuit, directly use our router descriptor to exclude ourself instead of the one in the global descriptor list. That list could be empty because tor could be downloading them which could lead to not excluding ourself. Closes #21534 --- src/or/routerlist.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 07e87724ba..3bf1eb8956 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2411,7 +2411,10 @@ router_choose_random_node(smartlist_t *excludedsmartlist, }); } - if ((r = routerlist_find_my_routerinfo())) + /* If the node_t is not found we won't be to exclude ourself but we + * won't be able to pick ourself in router_choose_random_node() so + * this is fine to at least try with our routerinfo_t object. */ + if ((r = router_get_my_routerinfo())) routerlist_add_node_and_family(excludednodes, r); router_add_running_nodes_to_smartlist(sl, allow_invalid, -- cgit v1.2.3-54-g00ecf