Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
authorNick Mathewson <nickm@torproject.org>
Wed, 11 Apr 2012 14:59:11 +0000 (10:59 -0400)
committerNick Mathewson <nickm@torproject.org>
Wed, 11 Apr 2012 14:59:11 +0000 (10:59 -0400)
Closes ticket 4572.

changes/bug4572 [new file with mode: 0644]
doc/tor.1.txt
src/or/config.c
src/or/dirserv.c
src/or/or.h

diff --git a/changes/bug4572 b/changes/bug4572
new file mode 100644 (file)
index 0000000..3107bf9
--- /dev/null
@@ -0,0 +1,6 @@
+  o Removed features
+    - Remove the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays option;
+      authorities needed to use it for a while to keep the network working
+      as people upgraded to 0.2.1.31, 0.2.2.34, or 0.2.3.6-alpha, but that
+      was six months ago.  As of now, it should no longer be needed or used.
+
index e73377bdfd69f09c991f5a9e4b475c89d2065571..98c97e717ae936c21197d62fc3bd33e936b7e706 100644 (file)
@@ -1610,10 +1610,6 @@ DIRECTORY AUTHORITY SERVER OPTIONS
     votes on whether to accept relays as hidden service directories.
     (Default: 1)
 
-GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays **0**|**1**::
-    When this option is set to 0, do not vote to give the Guard flag to any
-    version of Tor vulnerable to CVE-2011-2769. (Default: 0)
-
 HIDDEN SERVICE OPTIONS
 ----------------------
 
index 696bbd04409899681075001416e7dcdc552feb71..bfed4e5db47abe11e355852004f4535f8724093e 100644 (file)
@@ -295,8 +295,7 @@ static config_var_t _option_vars[] = {
   V(GeoIPFile,                   FILENAME,
     SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
 #endif
-  V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays,
-                                 BOOL,     "0"),
+  OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
   OBSOLETE("Group"),
   V(HardwareAccel,               BOOL,     "0"),
   V(HeartbeatPeriod,             INTERVAL, "6 hours"),
index 11f235caf40a9e7f74bdb9cf437786f6aacff0ef..5b6087c94371aa087647e5237783ec8629480831 100644 (file)
@@ -2417,8 +2417,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
         routerbw >= options->AuthDirGuardBWGuarantee) ||
        routerbw >= MIN(guard_bandwidth_including_exits,
                        guard_bandwidth_excluding_exits)) &&
-      (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
-       is_router_version_good_for_possible_guard(ri->platform))) {
+      (is_router_version_good_for_possible_guard(ri->platform))) {
     long tk = rep_hist_get_weighted_time_known(
                                       node->identity, now);
     double wfu = rep_hist_get_weighted_fractional_uptime(
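Review bot: The condition `(is_router_version_good_for_possible_guard(ri->platform))) {` keeps a pair of parentheses that only made sense around the removed `||`, and nothing at the call site says why a version test gates the Guard flag. I would write it as `is_router_version_good_for_possible_guard(ri->platform)) {` and add a comment above the condition such as `/* Never vote Guard for versions vulnerable to CVE-2011-2768; this is no longer overridable by configuration. */`. With the option gone, this call is the only version gate on Guard eligibility, so it is worth confirming how the helper treats a missing or unparseable platform string; its body is not visible here. set_routerstatus_from_routerinfo starts and ends outside the hunk.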
index c323595f1e682f833aa5acb565c211a3d36da3a4..a498a57083ad8eb5c3db6483393f42fec2fdb05e 100644 (file)
@@ -3270,10 +3270,6 @@ typedef struct {
                                      * number of servers per IP address shared
                                      * with an authority. */
 
-  /** Should we assign the Guard flag to relays which would allow
-   * exploitation of CVE-2011-2768 against their clients? */
-  int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays;
-
   /** If non-zero, always vote the Fast flag for any relay advertising
    * this amount of capacity or more. */
   uint64_t AuthDirFastGuarantee;