Never choose a bridge as an exit. Bug 5342.

author Nick Mathewson <nickm@torproject.org>

Fri, 9 Mar 2012 19:27:50 +0000 (14:27 -0500)

committer Nick Mathewson <nickm@torproject.org>

Fri, 9 Mar 2012 19:27:50 +0000 (14:27 -0500)
author Nick Mathewson <nickm@torproject.org>
Fri, 9 Mar 2012 19:27:50 +0000 (14:27 -0500)
committer Nick Mathewson <nickm@torproject.org>
Fri, 9 Mar 2012 19:27:50 +0000 (14:27 -0500)
diff --git a/changes/bug5342 b/changes/bug5342

new file mode 100644 (file)

index 0000000..b2ae451
--- /dev/null
+++ b/changes/bug5342
@@ -0,0 +1,3 @@
+  o Security fixes:
+    - Never use a bridge as an exit, even if it claims to be one.  Found by
+      wanoskarnet. Fixes bug 5342. Bugfix on ????.
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c

index 72ec9e4880a9c9e16cc7e5c27d86e82114a94f9a..decb18fc11b359a54fafc70519d24f182ebb9bf1 100644 (file)
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2704,7 +2704,11 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime,
        n_supported[i] = -1;
        continue; /* skip routers that are known to be down or bad exits */
      }
-
+    if (router->purpose != ROUTER_PURPOSE_GENERAL) {
+      /* never pick a non-general node as a random exit. */
+      n_supported[i] = -1;
+      continue;
+    }
      if (options->_ExcludeExitNodesUnion &&
          routerset_contains_router(options->_ExcludeExitNodesUnion, router)) {
        n_supported[i] = -1;
author	Nick Mathewson <nickm@torproject.org>
	Fri, 9 Mar 2012 19:27:50 +0000 (14:27 -0500)
committer	Nick Mathewson <nickm@torproject.org>
	Fri, 9 Mar 2012 19:27:50 +0000 (14:27 -0500)
changes/bug5342	[new file with mode: 0644]	patch \| blob
src/or/circuitbuild.c		patch \| blob \| blame \| history