Loading changes/bug19973 0 → 100644 +6 −0 Original line number Diff line number Diff line o Major bugfixes (client, security): - Only use the ReachableAddresses option to restrict the first hop in a path. Previously, it would apply to every hop in the path, with a possible degredation in anonymity for anyone using an uncommon ReachableAddress setting. Fixes bug 19973; bugfix on 0.2.8.2-alpha. src/or/circuitbuild.c +7 −2 Original line number Diff line number Diff line Loading @@ -1770,6 +1770,8 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags, const node_t *rp_node = NULL; const int allow_invalid = (flags & CRN_ALLOW_INVALID) != 0; const int need_desc = (flags & CRN_NEED_DESC) != 0; const int pref_addr = (flags & CRN_PREF_ADDR) != 0; const int direct_conn = (flags & CRN_DIRECT_CONN) != 0; smartlist_t *whitelisted_live_rps = smartlist_new(); smartlist_t *all_live_nodes = smartlist_new(); Loading @@ -1780,7 +1782,9 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags, router_add_running_nodes_to_smartlist(all_live_nodes, allow_invalid, 0, 0, 0, need_desc, 0); need_desc, pref_addr, direct_conn); /* Filter all_live_nodes to only add live *and* whitelisted RPs to * the list whitelisted_live_rps. */ Loading Loading @@ -2148,7 +2152,8 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state) const or_options_t *options = get_options(); /* If possible, choose an entry server with a preferred address, * otherwise, choose one with an allowed address */ router_crn_flags_t flags = CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR; router_crn_flags_t flags = (CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR| CRN_DIRECT_CONN); const node_t *node; if (state && options->UseEntryGuards && Loading src/or/or.h +4 −1 Original line number Diff line number Diff line Loading 
@@ -5226,7 +5226,10 @@ typedef enum { CRN_WEIGHT_AS_EXIT = 1<<5, CRN_NEED_DESC = 1<<6, /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */ CRN_PREF_ADDR = 1<<7 CRN_PREF_ADDR = 1<<7, /* On clients, only provide nodes that we can connect to directly, based on * our firewall rules */ CRN_DIRECT_CONN = 1<<8 } router_crn_flags_t; /** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */ Loading src/or/routerlist.c +8 −6 Original line number Diff line number Diff line Loading @@ -2245,7 +2245,7 @@ void router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid, int need_uptime, int need_capacity, int need_guard, int need_desc, int pref_addr) int pref_addr, int direct_conn) { const int check_reach = !router_skip_or_reachability(get_options(), pref_addr); Loading @@ -2260,10 +2260,10 @@ router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid, continue; if (node_is_unreliable(node, need_uptime, need_capacity, need_guard)) continue; /* Choose a node with an OR address that matches the firewall rules */ if (check_reach && !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr)) /* Choose a node with an OR address that matches the firewall rules, * if we are making a direct connection */ if (direct_conn && check_reach && !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr)) continue; smartlist_add(sl, (void *)node); Loading Loading @@ -2717,6 +2717,7 @@ router_choose_random_node(smartlist_t *excludedsmartlist, const int weight_for_exit = (flags & CRN_WEIGHT_AS_EXIT) != 0; const int need_desc = (flags & CRN_NEED_DESC) != 0; const int pref_addr = (flags & CRN_PREF_ADDR) != 0; const int direct_conn = (flags & CRN_DIRECT_CONN) != 0; smartlist_t *sl=smartlist_new(), *excludednodes=smartlist_new(); Loading 
@@ -2742,7 +2743,8 @@ router_choose_random_node(smartlist_t *excludedsmartlist, router_add_running_nodes_to_smartlist(sl, allow_invalid, need_uptime, need_capacity, need_guard, need_desc, pref_addr); need_guard, need_desc, pref_addr, direct_conn); log_debug(LD_CIRC, "We found %d running nodes.", smartlist_len(sl)); Loading src/or/routerlist.h +1 −1 Original line number Diff line number Diff line Loading @@ -65,7 +65,7 @@ int routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2); void router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid, int need_uptime, int need_capacity, int need_guard, int need_desc, int pref_addr); int pref_addr, int direct_conn); const routerinfo_t *routerlist_find_my_routerinfo(void); uint32_t router_get_advertised_bandwidth(const routerinfo_t *router); Loading Loading
changes/bug19973 0 → 100644 +6 −0 Original line number Diff line number Diff line o Major bugfixes (client, security): - Only use the ReachableAddresses option to restrict the first hop in a path. Previously, it would apply to every hop in the path, with a possible degredation in anonymity for anyone using an uncommon ReachableAddress setting. Fixes bug 19973; bugfix on 0.2.8.2-alpha.
src/or/circuitbuild.c +7 −2 Original line number Diff line number Diff line Loading @@ -1770,6 +1770,8 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags, const node_t *rp_node = NULL; const int allow_invalid = (flags & CRN_ALLOW_INVALID) != 0; const int need_desc = (flags & CRN_NEED_DESC) != 0; const int pref_addr = (flags & CRN_PREF_ADDR) != 0; const int direct_conn = (flags & CRN_DIRECT_CONN) != 0; smartlist_t *whitelisted_live_rps = smartlist_new(); smartlist_t *all_live_nodes = smartlist_new(); Loading @@ -1780,7 +1782,9 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags, router_add_running_nodes_to_smartlist(all_live_nodes, allow_invalid, 0, 0, 0, need_desc, 0); need_desc, pref_addr, direct_conn); /* Filter all_live_nodes to only add live *and* whitelisted RPs to * the list whitelisted_live_rps. */ Loading Loading @@ -2148,7 +2152,8 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state) const or_options_t *options = get_options(); /* If possible, choose an entry server with a preferred address, * otherwise, choose one with an allowed address */ router_crn_flags_t flags = CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR; router_crn_flags_t flags = (CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR| CRN_DIRECT_CONN); const node_t *node; if (state && options->UseEntryGuards && Loading
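Review bot: In pick_tor2web_rendezvous_node() the firewall filtering now depends entirely on the caller's `flags`, and that caller is not part of this diff. Before this change the call passed a hard-coded `0` for `pref_addr`, and the reachability check in router_add_running_nodes_to_smartlist() ran whenever `check_reach` was set. After it, a caller that omits CRN_DIRECT_CONN gets no ReachableAddresses filtering on this path. If the rendezvous point chosen here can be the first hop of the circuit, the caller has to set the flag, so I would state that above the call: `/* Callers that connect to the RP directly must set CRN_DIRECT_CONN. */`. The function body starts and ends outside these hunks.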
src/or/or.h +4 −1 Original line number Diff line number Diff line Loading @@ -5226,7 +5226,10 @@ typedef enum { CRN_WEIGHT_AS_EXIT = 1<<5, CRN_NEED_DESC = 1<<6, /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */ CRN_PREF_ADDR = 1<<7 CRN_PREF_ADDR = 1<<7, /* On clients, only provide nodes that we can connect to directly, based on * our firewall rules */ CRN_DIRECT_CONN = 1<<8 } router_crn_flags_t; /** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */ Loading
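Review bot: The comment on CRN_PREF_ADDR is left unchanged, but as far as the routerlist.c hunk in this commit shows, `pref_addr` is only consulted for the check that is now gated on `direct_conn`. CRN_PREF_ADDR on its own therefore appears to filter nothing in router_add_running_nodes_to_smartlist() any more. I would document that dependency on the older flag, e.g. `/* On clients, only provide nodes that satisfy ClientPreferIPv6OR; only applied together with CRN_DIRECT_CONN */`. The new CRN_DIRECT_CONN comment could also say that it is meant for the first hop only, since that is the security property the changes file describes.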
src/or/routerlist.c +8 −6 Original line number Diff line number Diff line Loading @@ -2245,7 +2245,7 @@ void router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid, int need_uptime, int need_capacity, int need_guard, int need_desc, int pref_addr) int pref_addr, int direct_conn) { const int check_reach = !router_skip_or_reachability(get_options(), pref_addr); Loading @@ -2260,10 +2260,10 @@ router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid, continue; if (node_is_unreliable(node, need_uptime, need_capacity, need_guard)) continue; /* Choose a node with an OR address that matches the firewall rules */ if (check_reach && !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr)) /* Choose a node with an OR address that matches the firewall rules, * if we are making a direct connection */ if (direct_conn && check_reach && !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr)) continue; smartlist_add(sl, (void *)node); Loading Loading @@ -2717,6 +2717,7 @@ router_choose_random_node(smartlist_t *excludedsmartlist, const int weight_for_exit = (flags & CRN_WEIGHT_AS_EXIT) != 0; const int need_desc = (flags & CRN_NEED_DESC) != 0; const int pref_addr = (flags & CRN_PREF_ADDR) != 0; const int direct_conn = (flags & CRN_DIRECT_CONN) != 0; smartlist_t *sl=smartlist_new(), *excludednodes=smartlist_new(); Loading @@ -2742,7 +2743,8 @@ router_choose_random_node(smartlist_t *excludedsmartlist, router_add_running_nodes_to_smartlist(sl, allow_invalid, need_uptime, need_capacity, need_guard, need_desc, pref_addr); need_guard, need_desc, pref_addr, direct_conn); log_debug(LD_CIRC, "We found %d running nodes.", smartlist_len(sl)); Loading
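Review bot: The firewall check in router_add_running_nodes_to_smartlist() is now opt-in, so any first-hop call site that does not pass `direct_conn` silently stops honouring ReachableAddresses, and nothing in this section tests either direction. The function's header comment is outside the hunk and should gain a sentence for the new parameter, e.g. `If <b>direct_conn</b> is true, only add nodes whose OR address our firewall rules allow; set it only when choosing the first hop.` A unit test that calls the function with `direct_conn` 0 and 1 under a restrictive ReachableAddresses setting would pin both the anonymity fix and the first-hop filter. The run of positional `int` arguments (`0, 0, 0, need_desc, pref_addr, direct_conn` at the circuitbuild.c call) is also easy to transpose without a compiler warning, which is worth a follow-up.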
src/or/routerlist.h +1 −1 Original line number Diff line number Diff line Loading @@ -65,7 +65,7 @@ int routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2); void router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid, int need_uptime, int need_capacity, int need_guard, int need_desc, int pref_addr); int pref_addr, int direct_conn); const routerinfo_t *routerlist_find_my_routerinfo(void); uint32_t router_get_advertised_bandwidth(const routerinfo_t *router); Loading