Disallow setting UseBridges to 1 and UseEntryGuards to 0

author Neel Chauhan <neel@neelc.org>

Thu, 12 Jan 2017 14:35:27 +0000 (09:35 -0500)

committer Nick Mathewson <nickm@torproject.org>

Sat, 14 Jan 2017 19:55:23 +0000 (14:55 -0500)
author Neel Chauhan <neel@neelc.org>
Thu, 12 Jan 2017 14:35:27 +0000 (09:35 -0500)
committer Nick Mathewson <nickm@torproject.org>
Sat, 14 Jan 2017 19:55:23 +0000 (14:55 -0500)
diff --git a/changes/bug20502 b/changes/bug20502

new file mode 100644 (file)

index 0000000..d956daf
--- /dev/null
+++ b/changes/bug20502
@@ -0,0 +1,5 @@
+  o Minor features
+    - Require UseEntryGuards when UseBridges is set in order to make sure
+      bridges aren't bypassed. Resolves ticket 20502.
+    - Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not break
+      regresson tests.
diff --git a/src/or/config.c b/src/or/config.c

index b8ca14e85b418b25c5db6c5ef92e51f924437a1a..c4e9ca24033a33f6f0a2b907420ca69c156486e8 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3372,6 +3372,11 @@ options_validate(or_options_t *old_options, or_options_t *options,
    if (options->UseBridges && options->EntryNodes)
      REJECT("You cannot set both UseBridges and EntryNodes.");
  
+  /* If we have UseBridges as 1 and UseEntryGuards as 0, we end up bypassing
+   * the use of bridges */
+  if (options->UseBridges && !options->UseEntryGuards)
+    REJECT("Setting UseBridges requires also setting UseEntryGuards.");
+
    options->MaxMemInQueues =
      compute_real_max_mem_in_queues(options->MaxMemInQueues_raw,
                                     server_mode(options));
diff --git a/src/test/test_options.c b/src/test/test_options.c

index ce5e1ed62cb0c4eff73cc1f9128e40fea5533f15..41c015bdd4279713075bc54ac23a0be46d6df1e2 100644 (file)
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -333,7 +333,8 @@ fixed_get_uname(void)
    "VirtualAddrNetworkIPv4 127.192.0.0/10\n"                             \
    "VirtualAddrNetworkIPv6 [FE80::]/10\n"                                \
    "SchedulerHighWaterMark__ 42\n"                                       \
-  "SchedulerLowWaterMark__ 10\n"
+  "SchedulerLowWaterMark__ 10\n"                                        \
+  "UseEntryGuards 1\n"
  
  typedef struct {
    or_options_t *old_opt;
@@ -1934,6 +1935,19 @@ test_options_validate__use_bridges(void *ignored)
              "If you set UseBridges, you must specify at least one bridge.");
    tor_free(msg);
  
+  free_options_test_data(tdata);
+  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
+                                "UseBridges 1\n"
+                                "Bridge 10.0.0.1\n"
+                                "UseEntryGuards 0\n"
+                                );
+
+  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+  tt_int_op(ret, OP_EQ, -1);
+  tt_str_op(msg, OP_EQ,
+            "Setting UseBridges requires also setting UseEntryGuards.");
+  tor_free(msg);
+
    free_options_test_data(tdata);
    tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
                                  "UseBridges 1\n"
author	Neel Chauhan <neel@neelc.org>
	Thu, 12 Jan 2017 14:35:27 +0000 (09:35 -0500)
committer	Nick Mathewson <nickm@torproject.org>
	Sat, 14 Jan 2017 19:55:23 +0000 (14:55 -0500)
changes/bug20502	[new file with mode: 0644]	patch \| blob
src/or/config.c		patch \| blob \| blame \| history
src/test/test_options.c		patch \| blob \| blame \| history