Authorities reject insecure Tors.

This patch should make us reject every Tor that was vulnerable to CVE-2011-0427. Additionally, it makes us reject every Tor that couldn't handle RELAY_EARLY cells, which helps with proposal 110 (#4339).
author: Nick Mathewson <nickm@torproject.org> 2011-12-27 21:47:04 -0500
committer: Nick Mathewson <nickm@torproject.org> 2011-12-27 21:47:04 -0500
commit: 9bcb18738747e12629c38ae366b96993e2002859 (patch)
tree: fba303dd75271a487b56bf7f340a08d92921903e /src
parent: da876aec63b133b64eb6e71f8b87df5c84e7ec3b (diff)
download: tor-9bcb18738747e12629c38ae366b96993e2002859.tar
tor-9bcb18738747e12629c38ae366b96993e2002859.tar.gz
1 files changed, 12 insertions, 11 deletions
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 634b3eca2..0308d4dbc 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -388,19 +388,20 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname,
               strmap_size(fingerprint_list->fp_by_name),
               digestmap_size(fingerprint_list->status_by_digest));
 
-  /* Tor 0.2.0.26-rc is the oldest version that currently caches the right
-   * directory information.  Once more of them die off, we should raise this
-   * minimum. */
-  if (platform && !tor_version_as_new_as(platform,"0.2.0.26-rc")) {
+  /* Versions before Tor 0.2.1.30 have known security issues that
+   * make them unsuitable for the current network. */
+  if (platform && !tor_version_as_new_as(platform,"0.2.1.30")) {
     if (msg)
-      *msg = "Tor version is far too old to work.";
-    return FP_REJECT;
-  } else if (platform && tor_version_as_new_as(platform,"0.2.1.3-alpha")
-                      && !tor_version_as_new_as(platform, "0.2.1.19")) {
-    /* These versions mishandled RELAY_EARLY cells on rend circuits. */
-    if (msg)
-      *msg = "Tor version is too buggy to work.";
+      *msg = "Tor version is insecure. Please upgrade!";
     return FP_REJECT;
+  } else if (platform && tor_version_as_new_as(platform,"0.2.2.1-alpha")) {
+    /* Versions from 0.2.2.1-alpha...0.2.2.20-alpha have known security
+     * issues that make them unusable for the current network */
+    if (!tor_version_as_new_as(platform, "0.2.2.21-alpha")) {
+      if (msg)
+        *msg = "Tor version is insecure. Please upgrade!";
+      return FP_REJECT;
+    }
   }
 
   result = dirserv_get_name_status(id_digest, nickname);
author	Nick Mathewson <nickm@torproject.org>	2011-12-27 21:47:04 -0500
committer	Nick Mathewson <nickm@torproject.org>	2011-12-27 21:47:04 -0500
commit	9bcb18738747e12629c38ae366b96993e2002859 (patch)
tree	fba303dd75271a487b56bf7f340a08d92921903e /src
parent	da876aec63b133b64eb6e71f8b87df5c84e7ec3b (diff)
download	tor-9bcb18738747e12629c38ae366b96993e2002859.tar tor-9bcb18738747e12629c38ae366b96993e2002859.tar.gz