diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-04-11 10:59:11 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-04-11 10:59:11 -0400 |
| commit | 77e51224faf1963241e207004133a2350ad23e5c (patch) | |
| tree | 315f14f0fe88b959d513b601439dbd007e9a671f /src | |
| parent | ab338e3bb8220de6c38d2b689f2e9593d256e9c4 (diff) | |
| download | tor-77e51224faf1963241e207004133a2350ad23e5c.tar tor-77e51224faf1963241e207004133a2350ad23e5c.tar.gz | |
Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
Closes ticket 4572.
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/config.c | 3 | ||||
| -rw-r--r-- | src/or/dirserv.c | 3 | ||||
| -rw-r--r-- | src/or/or.h | 4 |
3 files changed, 2 insertions, 8 deletions
diff --git a/src/or/config.c b/src/or/config.c index 696bbd044..bfed4e5db 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -295,8 +295,7 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif - V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, - BOOL, "0"), + OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(HeartbeatPeriod, INTERVAL, "6 hours"), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 11f235caf..5b6087c94 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2417,8 +2417,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, routerbw >= options->AuthDirGuardBWGuarantee) || routerbw >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) && - (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || - is_router_version_good_for_possible_guard(ri->platform))) { + (is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( node->identity, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/or.h b/src/or/or.h index c323595f1..a498a5708 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3270,10 +3270,6 @@ typedef struct { * number of servers per IP address shared * with an authority. */ - /** Should we assign the Guard flag to relays which would allow - * exploitation of CVE-2011-2768 against their clients? */ - int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; - /** If non-zero, always vote the Fast flag for any relay advertising * this amount of capacity or more. */ uint64_t AuthDirFastGuarantee; |