diff options
author | Robert Ransom <rransom.8774@gmail.com> | 2011-10-25 12:33:21 -0700 |
---|---|---|
committer | Sebastian Hahn <sebastian@torproject.org> | 2011-10-26 23:56:47 +0200 |
commit | 4684ced1b3fced0543fa65bf01f75c5d81eaf464 (patch) | |
tree | fd515c09cd317e8d3aecce27e95da6b42979d62f | |
parent | 00fffbc1a15e2696a89c721d0c94dc333ff419ef (diff) | |
download | tor-4684ced1b3fced0543fa65bf01f75c5d81eaf464.tar tor-4684ced1b3fced0543fa65bf01f75c5d81eaf464.tar.gz |
Add option to give guard flag to relays without the CVE-2011-2768 fix
This way, all of the DA operators can upgrade immediately, without nuking
every client's set of entry guards as soon as a majority of them upgrade.
Until enough guards have upgraded, a majority of dirauths should set this
config option so that there are still enough guards in the network. After
a few days pass, all dirauths should use the default.
-rw-r--r-- | src/or/config.c | 2 | ||||
-rw-r--r-- | src/or/dirserv.c | 4 | ||||
-rw-r--r-- | src/or/or.h | 4 |
3 files changed, 9 insertions, 1 deletions
diff --git a/src/or/config.c b/src/or/config.c index 230ccf25c..78e433620 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -269,6 +269,8 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif + V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, + BOOL, "0"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(AccelName, STRING, NULL), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index fa7f693af..c427fe2ef 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2332,6 +2332,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, int naming, int listbadexits, int listbaddirs, int vote_on_hsdirs) { + const or_options_t *options = get_options(); int unstable_version = !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs"); memset(rs, 0, sizeof(routerstatus_t)); @@ -2363,7 +2364,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, router_get_advertised_bandwidth(ri) >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) && - is_router_version_good_for_possible_guard(ri->platform)) { + (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || + is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( ri->cache_info.identity_digest, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/or.h b/src/or/or.h index 8638f2099..7d50e1f50 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2672,6 +2672,10 @@ typedef struct { * number of servers per IP address shared * with an authority. */ + /** Should we assign the Guard flag to relays which would allow + * exploitation of CVE-2011-2768 against their clients? */ + int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; + char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting |