Merge remote branch 'arma/bug2510' into maint-0.2.2

2024-11-10 21:23:58 +01:00 · 2011-03-14 16:14:54 -04:00 · 2011-03-14 16:14:54 -04:00 · 0588330c1d
commit 0588330c1d
parent b639add1a0 cb101c4815
5 changed files with 56 additions and 1 deletions
--- a/changes/bug2510
+++ b/changes/bug2510
@ -0,0 +1,8 @@
+  o Major bugfixes:
+    - Fix a bug where bridge users who configure the non-canonical
+      address of a bridge automatically switch to its canonical
+      address. If a bridge listens at more than one address, it should be
+      able to advertise those addresses independently and any non-blocked
+      addresses should continue to work. Bugfix on Tor 0.2.0.x. Fixes
+      bug 2510.
+
--- a/changes/bug2511
+++ b/changes/bug2511
@ -0,0 +1,6 @@
+  o Major bugfixes:
+    - If you configured Tor to use bridge A, and then quit and
+      configured Tor to use bridge B instead, it would happily continue
+      to use bridge A if it's still reachable. While this behavior is
+      a feature if your goal is connectivity, in some scenarios it's a
+      dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511.
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@ -4671,6 +4671,29 @@ fetch_bridge_descriptors(or_options_t *options, time_t now)
  SMARTLIST_FOREACH_END(bridge);
 }

+/** If our <b>bridge</b> is configured to be a different address than
+ * the bridge gives in its routerinfo <b>ri</b>, rewrite the routerinfo
+ * we received to use the address we meant to use. Now we handle
+ * multihomed bridges better.
+ */
+static void
+rewrite_routerinfo_address_for_bridge(bridge_info_t *bridge, routerinfo_t *ri)
+{
+  tor_addr_t addr;
+  tor_addr_from_ipv4h(&addr, ri->addr);
+
+  if (!tor_addr_compare(&bridge->addr, &addr, CMP_EXACT) &&
+      bridge->port == ri->or_port)
+    return; /* they match, so no need to do anything */
+
+  ri->addr = tor_addr_to_ipv4h(&bridge->addr);
+  tor_free(ri->address);
+  ri->address = tor_dup_ip(ri->addr);
+  ri->or_port = bridge->port;
+  log_info(LD_DIR, "Adjusted bridge '%s' to match configured address %s:%d.",
+           ri->nickname, ri->address, ri->or_port);
+}
+
 /** We just learned a descriptor for a bridge. See if that
 * digest is in our entry guard list, and add it if not. */
 void
@ -4689,6 +4712,8 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
      if (!from_cache)
        download_status_reset(&bridge->fetch_status);

+      rewrite_routerinfo_address_for_bridge(bridge, ri);
+
      add_an_entry_guard(ri, 1);
      log_notice(LD_DIR, "new bridge descriptor '%s' (%s)", ri->nickname,
                 from_cache ? "cached" : "fresh");
--- a/src/or/or.h
+++ b/src/or/or.h
@ -3513,6 +3513,7 @@ typedef enum was_router_added_t {
  ROUTER_NOT_IN_CONSENSUS = -3,
  ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS = -4,
  ROUTER_AUTHDIR_REJECTS = -5,
+  ROUTER_WAS_NOT_WANTED = -6
 } was_router_added_t;

 /********************************* routerparse.c ************************/
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -3209,7 +3209,8 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
                         int from_cache, int from_fetch)
 {
  const char *id_digest;
-  int authdir = authdir_mode_handles_descs(get_options(), router->purpose);
+  or_options_t *options = get_options();
+  int authdir = authdir_mode_handles_descs(options, router->purpose);
  int authdir_believes_valid = 0;
  routerinfo_t *old_router;
  networkstatus_t *consensus = networkstatus_get_latest_consensus();
@ -3314,6 +3315,20 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
    return ROUTER_NOT_IN_CONSENSUS;
  }

+  /* If we're reading a bridge descriptor from our cache, and we don't
+   * recognize it as one of our currently configured bridges, drop the
+   * descriptor. Otherwise we could end up using it as one of our entry
+   * guards even if it isn't in our Bridge config lines. */
+  if (router->purpose == ROUTER_PURPOSE_BRIDGE && from_cache &&
+      !authdir_mode_bridge(options) &&
+      !routerinfo_is_a_configured_bridge(router)) {
+    log_info(LD_DIR, "Dropping bridge descriptor for '%s' because we have "
+             "no bridge configured at that address.", router->nickname);
+    *msg = "Router descriptor was not a configured bridge.";
+    routerinfo_free(router);
+    return ROUTER_WAS_NOT_WANTED;
+  }
+
  /* If we have a router with the same identity key, choose the newer one. */
  if (old_router) {
    if (!in_consensus && (router->cache_info.published_on <=