Never choose a bridge as an exit. Bug 5342.

2024-11-10 13:13:44 +01:00 · 2012-03-09 14:27:50 -05:00 · 2012-03-09 14:27:50 -05:00 · 99bd5400e8
commit 99bd5400e8
parent 8abfcc0804
2 changed files with 8 additions and 1 deletions
--- a/changes/bug5342
+++ b/changes/bug5342
@ -0,0 +1,3 @@
+  o Security fixes:
+    - Never use a bridge as an exit, even if it claims to be one.  Found by
+      wanoskarnet. Fixes bug 5342. Bugfix on ????.
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@ -2704,7 +2704,11 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime,
      n_supported[i] = -1;
      continue; /* skip routers that are known to be down or bad exits */
    }
-
+    if (router->purpose != ROUTER_PURPOSE_GENERAL) {
+      /* never pick a non-general node as a random exit. */
+      n_supported[i] = -1;
+      continue;
+    }
    if (options->_ExcludeExitNodesUnion &&
        routerset_contains_router(options->_ExcludeExitNodesUnion, router)) {
      n_supported[i] = -1;