Bridges should never set the send_unencrypted flag on any of their descs

Fix for bug 5139.
This commit is contained in:
Nick Mathewson 2012-04-27 11:51:48 -04:00
parent 9dddfe83f3
commit 7c8032c22b
2 changed files with 15 additions and 6 deletions

6
changes/bug5139 Normal file
View File

@ -0,0 +1,6 @@
o Minor features (bridges):
- Tag a bridge's descriptor as "never to be sent
unencrypted". This shouldn't matter, since bridges don't open
non-anonymous connections to the bridge authority and don't
allow unencrypted directory connections from clients, but we
might as well make sure. Closes bug 5139.

View File

@ -1672,12 +1672,15 @@ router_rebuild_descriptor(int force)
ri->purpose =
options->BridgeRelay ? ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL;
ri->cache_info.send_unencrypted = 1;
/* Let bridges serve their own descriptors unencrypted, so they can
* pass reachability testing. (If they want to be harder to notice,
* they can always leave the DirPort off). */
if (ei && !options->BridgeRelay)
ei->cache_info.send_unencrypted = 1;
if (options->BridgeRelay) {
/* Bridges shouldn't be able to send their descriptors unencrypted,
anyway, since they don't have a DirPort, and always connect to the
bridge authority anonymously. But just in case they somehow think of
sending them on an unencrypted connection, don't allow them to try. */
ri->cache_info.send_unencrypted = ei->cache_info.send_unencrypted = 0;
} else {
ri->cache_info.send_unencrypted = ei->cache_info.send_unencrypted = 1;
}
router_get_router_hash(ri->cache_info.signed_descriptor_body,
strlen(ri->cache_info.signed_descriptor_body),