git.ipfire.org Git - thirdparty/tor.git/commitdiff
Guard: Don't pick ourselves as a possible Guard
author David Goulet <dgoulet@torproject.org>
Wed, 29 Nov 2017 00:09:13 +0000 (19:09 -0500)
committer Nick Mathewson <nickm@torproject.org>
Wed, 29 Nov 2017 00:12:56 +0000 (19:12 -0500)
TROVE-2017-12. Severity: Medium

Thankfully, tor will close any circuits that we try to extend to
ourselves so this is not problematic but annoying.

Part of #21534.

changes/trove-2017-012-part2 [new file with mode: 0644]
src/or/entrynodes.c

diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2
new file mode 100644 (file)
index 0000000..ed994c5
--- /dev/null
@@ -0,0 +1,5 @@
+  o Major bugfixes (security, relay):
+    - When running as a relay, make sure that we never ever choose ourselves
+      as a guard. Previously, this was possible. Fixes part of bug 21534;
+      bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012
+      and CVE-2017-8822.
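Review bot: The sentence "Previously, this was possible." states the bug without its effect, while the commit message says tor closes any circuit it tries to extend to itself. Suggest adding a clause on the observable impact for relay operators, so the "Major bugfixes (security, relay)" classification can be understood from the changelog entry alone. The commit message also writes "TROVE-2017-12" where this file writes "TROVE-2017-012"; use one form so the identifier is searchable.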
index d762afdcfe070eb0552cd0f2be5661a776365b0d..0109da8e01bef621b6e331f5c8e68eb79b7c1ea8 100644 (file)
@@ -740,7 +740,8 @@ node_is_possible_guard(const node_t *node)
           node->is_stable &&
           node->is_fast &&
           node->is_valid &&
-          node_is_dir(node));
+          node_is_dir(node) &&
+          !router_digest_is_me(node->identity));
 }
 
 /**
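Review bot: No test accompanies the new `!router_digest_is_me(node->identity)` term in node_is_possible_guard(); the commit touches only the changes file and src/or/entrynodes.c. Suggest a unit test that builds a node whose identity equals the relay's own and asserts that node_is_possible_guard() returns false for it, so the exclusion cannot silently regress. It would also help to say in the function's doc comment that the relay's own identity is never eligible, and to confirm whether a guard chosen before this fix is rechecked elsewhere, since this hunk only filters nodes that pass through this function.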