From 77e51224faf1963241e207004133a2350ad23e5c Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 11 Apr 2012 10:59:11 -0400 Subject: Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays Closes ticket 4572. --- src/or/config.c | 3 +-- src/or/dirserv.c | 3 +-- src/or/or.h | 4 ---- 3 files changed, 2 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/or/config.c b/src/or/config.c index 696bbd044..bfed4e5db 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -295,8 +295,7 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif - V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, - BOOL, "0"), + OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(HeartbeatPeriod, INTERVAL, "6 hours"), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 11f235caf..5b6087c94 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -2417,8 +2417,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, routerbw >= options->AuthDirGuardBWGuarantee) || routerbw >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) && - (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || - is_router_version_good_for_possible_guard(ri->platform))) { + (is_router_version_good_for_possible_guard(ri->platform))) { long tk = rep_hist_get_weighted_time_known( node->identity, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/or.h b/src/or/or.h index c323595f1..a498a5708 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3270,10 +3270,6 @@ typedef struct { * number of servers per IP address shared * with an authority. */ - /** Should we assign the Guard flag to relays which would allow - * exploitation of CVE-2011-2768 against their clients? */ - int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; - /** If non-zero, always vote the Fast flag for any relay advertising * this amount of capacity or more. */ uint64_t AuthDirFastGuarantee; -- cgit v1.2.3