diff options
| -rw-r--r-- | src/or/config.c | 2 | ||||
| -rw-r--r-- | src/or/dirserv.c | 4 | ||||
| -rw-r--r-- | src/or/or.h | 4 |
3 files changed, 9 insertions, 1 deletions
diff --git a/src/or/config.c b/src/or/config.c index 230ccf25c..78e433620 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -269,6 +269,8 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif + V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, + BOOL, "0"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(AccelName, STRING, NULL), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index fa7f693af..c427fe2ef 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2332,6 +2332,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, int naming, int listbadexits, int listbaddirs, int vote_on_hsdirs) { + const or_options_t *options = get_options(); int unstable_version = !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs"); memset(rs, 0, sizeof(routerstatus_t)); @@ -2363,7 +2364,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, router_get_advertised_bandwidth(ri) >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) && - is_router_version_good_for_possible_guard(ri->platform)) { + (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || + is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( ri->cache_info.identity_digest, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/or.h b/src/or/or.h index 8638f2099..7d50e1f50 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2672,6 +2672,10 @@ typedef struct { * number of servers per IP address shared * with an authority. */ + /** Should we assign the Guard flag to relays which would allow + * exploitation of CVE-2011-2768 against their clients? */ + int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; + char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting |