diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-03-09 14:27:50 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-03-09 14:27:50 -0500 |
| commit | 99bd5400e879e7313288f153f464e0b3bc0782e0 (patch) | |
| tree | 8ee78f7f99e5fa6f587db1e640d819d1a1ba4aad | |
| parent | 8abfcc080424654ae755de352999b3346ebcbb28 (diff) | |
| download | tor-99bd5400e879e7313288f153f464e0b3bc0782e0.tar tor-99bd5400e879e7313288f153f464e0b3bc0782e0.tar.gz | |
Never choose a bridge as an exit. Bug 5342.
| -rw-r--r-- | changes/bug5342 | 3 | ||||
| -rw-r--r-- | src/or/circuitbuild.c | 6 |
2 files changed, 8 insertions, 1 deletions
diff --git a/changes/bug5342 b/changes/bug5342 new file mode 100644 index 000000000..b2ae4515a --- /dev/null +++ b/changes/bug5342 @@ -0,0 +1,3 @@ + o Security fixes: + - Never use a bridge as an exit, even if it claims to be one. Found by + wanoskarnet. Fixes bug 5342. Bugfix on ????. diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 72ec9e488..decb18fc1 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2704,7 +2704,11 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, n_supported[i] = -1; continue; /* skip routers that are known to be down or bad exits */ } - + if (router->purpose != ROUTER_PURPOSE_GENERAL) { + /* never pick a non-general node as a random exit. */ + n_supported[i] = -1; + continue; + } if (options->_ExcludeExitNodesUnion && routerset_contains_router(options->_ExcludeExitNodesUnion, router)) { n_supported[i] = -1; |