From: Nick Mathewson Date: Fri, 15 Mar 2013 14:42:17 +0000 (-0400) Subject: Upgrade the warn for EntryNodes without UseEntryGuards to an error X-Git-Tag: tor-0.2.4.12-alpha~5^2~52^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=686aaa5c4c95ebd2c3ddfe46a237014e2813a9e7;p=thirdparty%2Ftor.git Upgrade the warn for EntryNodes without UseEntryGuards to an error fixes bug 8180 --- diff --git a/changes/bug8180 b/changes/bug8180 new file mode 100644 index 0000000000..39e6ce7f9a --- /dev/null +++ b/changes/bug8180 @@ -0,0 +1,7 @@ + o Minor bugfixes (security usability): + - Elevate the severity of the warning message when setting + EntryNodes but disabling UseGuardNodes to an error. The outcome + of letting Tor procede with those options enabled (which causes + EntryNodes to get ignored) is sufficiently different from what + was expected that it's best to just refuse to proceed. Fixes bug + 8180; bugfix on 0.2.3.11-alpha. diff --git a/src/or/config.c b/src/or/config.c index 90a5dfbda1..aa34f87cef 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2001 Matej Pfajfar. + /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. * Copyright (c) 2007-2012, The Tor Project, Inc. */ @@ -3664,9 +3664,9 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->UseBridges && options->EntryNodes) REJECT("You cannot set both UseBridges and EntryNodes."); - if (options->EntryNodes && !options->UseEntryGuards) - log_warn(LD_CONFIG, "EntryNodes is set, but UseEntryGuards is disabled. " - "EntryNodes will be ignored."); + if (options->EntryNodes && !options->UseEntryGuards) { + REJECT("If EntryNodes is set, UseEntryGuards must be enabled."); + } options->_AllowInvalid = 0; if (options->AllowInvalidNodes) {