dos: Don't set consensus param if we aren't a public relay

We had this safeguard around dos_init() but not when the consensus changes which can modify consensus parameters and possibly enable the DoS mitigation even if tor wasn't a public relay. Fixes #25223 Signed-off-by: David Goulet <dgoulet@torproject.org>
2018-02-13 10:29:41 -05:00 · 2018-02-13 10:29:41 -05:00 · 4fe4f8179f
parent 1555946e20
commit 4fe4f8179f
2 changed files with 11 additions and 0 deletions
--- a/changes/bug25223
+++ b/changes/bug25223
@ -0,0 +1,3 @@
+  o Minor bugfixes (DoS mitigation):
+    - Make sure we don't modify consensus parameters if we aren't a public
+      relay when a new consensus arrives. Fixes bug 25223.
--- a/src/or/dos.c
+++ b/src/or/dos.c
@ -738,6 +738,14 @@ dos_close_client_conn(const or_connection_t *or_conn)
 void
 dos_consensus_has_changed(const networkstatus_t *ns)
 {
+  /* There are two ways to configure this subsystem, one at startup through
+   * dos_init() which is called when the options are parsed. And this one
+   * through the consensus. We don't want to enable any DoS mitigation if we
+   * aren't a public relay. */
+  if (!public_server_mode(get_options())) {
+    return;
+  }
+
  cc_consensus_has_changed(ns);
  conn_consensus_has_changed(ns);