one guard from a given relay family. Otherwise we could end up with
all of our entry points into the network run by the same operator.
Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha.
Not a backport candidate, since I think this might break for users
who only have a given /16 in their reachableaddresses, or something
like that.
svn:r17514
disclaimer without needing to set up a separate webserver. There's
a sample disclaimer in contrib/tor-exit-notice.html.
+ o Security fixes:
+ - When the client is choosing entry guards, now it selects at most
+ one guard from a given relay family. Otherwise we could end up with
+ all of our entry points into the network run by the same operator.
+ Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha.
+
o Major bugfixes:
- Fix a DOS opportunity during the voting signature collection process
at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
if (options->UseEntryGuards && entry_guards) {
SMARTLIST_FOREACH(entry_guards, entry_guard_t *, entry,
{
- if ((r = router_get_by_digest(entry->identity)))
+ if ((r = router_get_by_digest(entry->identity))) {
smartlist_add(excluded, r);
+ routerlist_add_family(excluded, r);
+ }
});
}
}
/** Add all the family of <b>router</b> to the smartlist <b>sl</b>.
- * This is used to make sure we don't pick siblings in a single path.
+ * This is used to make sure we don't pick siblings in a single path,
+ * or pick more than one relay from a family for our entry guard list.
*/
void
routerlist_add_family(smartlist_t *sl, routerinfo_t *router)
projects / thirdparty / tor.git / commitdiff
