From 2af14b671da59a34e05c5240e9b30e5417893ddc Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 22 Nov 2010 11:16:36 -0500 Subject: [PATCH 1/3] Have authorities reject routers running verions susceptible to bug 1038. --- changes/bug2081_followup | 6 ++++++ src/or/dirserv.c | 5 +++++ 2 files changed, 11 insertions(+) create mode 100644 changes/bug2081_followup diff --git a/changes/bug2081_followup b/changes/bug2081_followup new file mode 100644 index 0000000000..fbb44653ab --- /dev/null +++ b/changes/bug2081_followup @@ -0,0 +1,6 @@ + o Minor features (authorities) + - Directory authorities now reject server running any version of + Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have + known bugs that keep RELAY_EARY cells from working on rendezvous + circuits. Followup to fix for bug 2081. + diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 42d7d561ce..4cd6123f4c 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -393,6 +393,11 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname, if (msg) *msg = "Tor version is far too old to work."; return FP_REJECT; + } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha") + && !tor_version_as_new_as(platform, "0.2.1.19")) { + if (msg) + *msg = "Tor version is too buggy to work."; + return FP_REJECT; } result = dirserv_get_name_status(id_digest, nickname); From 8f31a9da43a7963cd2e08f107220f2e3fc3aed27 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 7 Dec 2010 11:27:51 -0500 Subject: [PATCH 2/3] revise bug2081_followup changelog --- changes/bug2081_followup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/changes/bug2081_followup b/changes/bug2081_followup index fbb44653ab..9b81bc125c 100644 --- a/changes/bug2081_followup +++ b/changes/bug2081_followup @@ -1,6 +1,6 @@ o Minor features (authorities) - - Directory authorities now reject server running any version of + - Directory authorities now reject relays running any versions of Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have - known bugs that keep RELAY_EARY cells from working on rendezvous + known bugs that keep RELAY_EARLY cells from working on rendezvous circuits. Followup to fix for bug 2081. From 5efe6f04c68debe6ef9307d0ed98f67ed5ca5f46 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 7 Dec 2010 11:35:32 -0500 Subject: [PATCH 3/3] Reject relay versions older than 0.2.0.26-rc This was the first version to cache the correct directory information. Fixes bug 2156. --- changes/bug2081_followup | 3 +++ src/or/dirserv.c | 9 +++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/changes/bug2081_followup b/changes/bug2081_followup index 9b81bc125c..a53227c38e 100644 --- a/changes/bug2081_followup +++ b/changes/bug2081_followup @@ -3,4 +3,7 @@ Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have known bugs that keep RELAY_EARLY cells from working on rendezvous circuits. Followup to fix for bug 2081. + - Directory authorities now reject relays running any version of Tor + older than 0.2.0.26-rc. That is the earliest version that fetches + current directory information correctly. Fix for bug 2156. diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 4cd6123f4c..fd4b53a482 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -386,15 +386,16 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname, strmap_size(fingerprint_list->fp_by_name), digestmap_size(fingerprint_list->status_by_digest)); - /* Tor 0.1.2.x is pretty old, but there are a lot of them running still, - * and there aren't any critical relay-side vulnerabilities. Once more - * of them die off, we should raise this minimum to 0.2.0.x. */ - if (platform && !tor_version_as_new_as(platform,"0.1.2.14")) { + /* Tor 0.2.0.26-rc is the oldest version that currently caches the right + * directory information. Once more of them die off, we should raise this + * minimum. */ + if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) { if (msg) *msg = "Tor version is far too old to work."; return FP_REJECT; } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha") && !tor_version_as_new_as(platform, "0.2.1.19")) { + /* These versions mishandled RELAY_EARLY cells on rend circuits. */ if (msg) *msg = "Tor version is too buggy to work."; return FP_REJECT;