bug 4115: make bridges use begindir for their dir fetches

removes another avenue for enumerating bridges.
2024-11-10 13:13:44 +01:00 · 2011-09-28 14:50:43 -04:00 · 2011-09-28 14:50:43 -04:00 · 0b5d2646d5
commit 0b5d2646d5
parent 1c2e4d1336
2 changed files with 8 additions and 2 deletions
--- a/changes/bug4115
+++ b/changes/bug4115
@ -0,0 +1,7 @@
+  o Security fixes:
+    - Bridge relays now do their directory fetches inside Tor TLS
+      connections, like all the other clients do, rather than connecting
+      directly to the DirPort like public relays do. Removes another
+      avenue for enumerating bridges. Fixes part of bug 4115; bugfix
+      on 0.2.0.35.
+
--- a/src/or/directory.c
+++ b/src/or/directory.c
@ -785,8 +785,7 @@ directory_command_should_use_begindir(or_options_t *options,
    return 0; /* We don't know an ORPort -- no chance. */
  if (!anonymized_connection)
    if (!fascist_firewall_allows_address_or(addr, or_port) ||
-        directory_fetches_from_authorities(options) ||
-        (server_mode(options) && !options->Address))
+        directory_fetches_from_authorities(options))
      return 0; /* We're firewalled or are acting like a relay -- also no. */
  if (!options->TunnelDirConns &&
      router_purpose != ROUTER_PURPOSE_BRIDGE)