From e5be0504abe4d830247295d6c3ed9c6de92d2e16 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 8 Dec 2008 00:04:29 +0000 Subject: [PATCH] When the client is choosing entry guards, now it selects at most one guard from a given relay family. Otherwise we could end up with all of our entry points into the network run by the same operator. Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha. Not a backport candidate, since I think this might break for users who only have a given /16 in their reachableaddresses, or something like that. svn:r17514 --- ChangeLog | 6 ++++++ src/or/circuitbuild.c | 4 +++- src/or/routerlist.c | 3 ++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index b36861902..e0e9baf92 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,12 @@ Changes in version 0.2.1.8-alpha - 2008-12-08 disclaimer without needing to set up a separate webserver. There's a sample disclaimer in contrib/tor-exit-notice.html. + o Security fixes: + - When the client is choosing entry guards, now it selects at most + one guard from a given relay family. Otherwise we could end up with + all of our entry points into the network run by the same operator. + Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha. + o Major bugfixes: - Fix a DOS opportunity during the voting signature collection process at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x. diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index e7ab333e8..e16e1675d 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1658,8 +1658,10 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state) if (options->UseEntryGuards && entry_guards) { SMARTLIST_FOREACH(entry_guards, entry_guard_t *, entry, { - if ((r = router_get_by_digest(entry->identity))) + if ((r = router_get_by_digest(entry->identity))) { smartlist_add(excluded, r); + routerlist_add_family(excluded, r); + } }); } diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 48e66ed8d..e2f3170b6 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1219,7 +1219,8 @@ routerlist_add_network_family(smartlist_t *sl, routerinfo_t *router) } /** Add all the family of router to the smartlist sl. - * This is used to make sure we don't pick siblings in a single path. + * This is used to make sure we don't pick siblings in a single path, + * or pick more than one relay from a family for our entry guard list. */ void routerlist_add_family(smartlist_t *sl, routerinfo_t *router)