nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove is_router_version_good_for_possible_guard()

Browse Source 
The versions which this function would keep from getting the guard
flag are already blocked by the minimum version check.

Closes 13152.
This commit is contained in:
Nick Mathewson 2014-10-09 15:12:36 -04:00
parent 90bce702ba
commit cd678ae790
2 changed files with 6 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug13152 Normal file
View File

@ -0,0 +1,5 @@
o Removed features (directory authority):
- Remove code that prevented authorities from listing Tor servers
affected by CVE-2011-2769 as guards. These servers are already
rejected altogether due to the minimum version requirement of
0.2.3.16-alpha. Closes ticket 13152.

72
src/or/dirserv.c
View File

@ -2028,75 +2028,6 @@ get_possible_sybil_list(const smartlist_t *routers)
return omit_as_sybil;
}
/** Return non-zero iff a relay running the Tor version specified in
* <b>platform</b> is suitable for use as a potential entry guard. */
static int
is_router_version_good_for_possible_guard(const char *platform)
{
static int parsed_versions_initialized = 0;
static tor_version_t first_good_0_2_1_guard_version;
static tor_version_t first_good_0_2_2_guard_version;
static tor_version_t first_good_later_guard_version;
tor_version_t router_version;
/* XXX024 This block should be extracted into its own function. */
/* XXXX Begin code copied from tor_version_as_new_as (in routerparse.c) */
{
char *s, *s2, *start;
char tmp[128];
tor_assert(platform);
/* nonstandard Tor; be safe and say yes */
if (strcmpstart(platform,"Tor "))
return 1;
start = (char *)eat_whitespace(platform+3);
if (!*start) return 0;
s = (char *)find_whitespace(start); /* also finds '\0', which is fine */
s2 = (char*)eat_whitespace(s);
if (!strcmpstart(s2, "(r") || !strcmpstart(s2, "(git-"))
s = (char*)find_whitespace(s2);
if ((size_t)(s-start+1) >= sizeof(tmp)) /* too big, no */
return 0;
strlcpy(tmp, start, s-start+1);
if (tor_version_parse(tmp, &router_version)<0) {
log_info(LD_DIR,"Router version '%s' unparseable.",tmp);
return 1; /* be safe and say yes */
}
}
/* XXXX End code copied from tor_version_as_new_as (in routerparse.c) */
if (!parsed_versions_initialized) {
/* CVE-2011-2769 was fixed on the relay side in Tor versions
* 0.2.1.31, 0.2.2.34, and 0.2.3.6-alpha. */
tor_assert(tor_version_parse("0.2.1.31",
&first_good_0_2_1_guard_version)>=0);
tor_assert(tor_version_parse("0.2.2.34",
&first_good_0_2_2_guard_version)>=0);
tor_assert(tor_version_parse("0.2.3.6-alpha",
&first_good_later_guard_version)>=0);
/* Don't parse these constant version strings once for every relay
* for every vote. */
parsed_versions_initialized = 1;
}
return ((tor_version_same_series(&first_good_0_2_1_guard_version,
&router_version) &&
tor_version_compare(&first_good_0_2_1_guard_version,
&router_version) <= 0) ||
(tor_version_same_series(&first_good_0_2_2_guard_version,
&router_version) &&
tor_version_compare(&first_good_0_2_2_guard_version,
&router_version) <= 0) ||
(tor_version_compare(&first_good_later_guard_version,
&router_version) <= 0));
}
/** Extract status information from <b>ri</b> and from other authority
* functions and store it in <b>rs</b>>.
*
@ -2135,8 +2066,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
((options->AuthDirGuardBWGuarantee &&
routerbw_kb >= options->AuthDirGuardBWGuarantee/1000) ||
routerbw_kb >= MIN(guard_bandwidth_including_exits_kb,
guard_bandwidth_excluding_exits_kb)) &&
is_router_version_good_for_possible_guard(ri->platform)) {
guard_bandwidth_excluding_exits_kb))) {
long tk = rep_hist_get_weighted_time_known(
node->identity, now);
double wfu = rep_hist_get_weighted_fractional_uptime(