From 9a1a96ba0947e1c9b0e43aef6600b0d083586cf5 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Tue, 8 Feb 2011 08:08:47 -0500 Subject: [PATCH] don't use old non-configured bridges (bug 2511) --- changes/bug2511 | 6 ++++++ src/or/routerlist.c | 13 +++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 changes/bug2511 diff --git a/changes/bug2511 b/changes/bug2511 new file mode 100644 index 0000000000..a27696a5ff --- /dev/null +++ b/changes/bug2511 @@ -0,0 +1,6 @@ + o Major bugfixes: + - If you configured Tor to use bridge A, and then quit and + configured Tor to use bridge B instead, it would happily continue + to use bridge A if it's still reachable. While this behavior is + a feature if your goal is connectivity, in some scenarios it's a + dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511. diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 6d6386292f..bbd08f39ef 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -3314,6 +3314,19 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg, return ROUTER_NOT_IN_CONSENSUS; } + /* If we're reading a bridge descriptor from our cache, and we don't + * recognize it as one of our currently configured bridges, drop the + * descriptor. Otherwise we could end up using it as one of our entry + * guards even if it isn't in our Bridge config lines. */ + if (router->purpose == ROUTER_PURPOSE_BRIDGE && from_cache && + !routerinfo_is_a_configured_bridge(router)) { + log_info(LD_DIR, "Dropping bridge descriptor for '%s' because we have " + "no bridge configured at that address.", router->nickname); + *msg = "Router descriptor was not a configured bridge."; + routerinfo_free(router); + return ROUTER_WAS_NOT_NEW; + } + /* If we have a router with the same identity key, choose the newer one. */ if (old_router) { if (!in_consensus && (router->cache_info.published_on <=