sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

backport candidate: 

Refuse to start with certain directory authority keys, and 
encourage people using them to stop.


svn:r11171
This commit is contained in:
Roger Dingledine 2007-08-19 02:51:54 +00:00
parent 22a9d71829
commit 96cff65f85
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -28,6 +28,8 @@ Changes in version 0.2.0.5-alpha - 2007-08-19
o Minor features (security):
- Warn about unsafe ControlPort configurations.
- Refuse to start with certain directory authority keys, and
encourage people using them to stop.
o Minor features (controller):
- Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it

7
src/or/config.c
View File

@ -3823,6 +3823,13 @@ parse_dir_server_line(const char *line, int validate_only)
(int)strlen(fingerprint));
goto err;
}
if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
/* a known bad fingerprint. refuse to use it. */
log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
"torrc file (%s), or reinstall Tor and use the default torrc.",
get_torrc_fname());
goto err;
}
if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
log_warn(LD_CONFIG, "Unable to decode DirServer key digest.");
goto err;