
[tor-commits] [tor/maint-0.3.1] Guard: Don't pick ourselves as a possible Guard



commit 91cee3c9e73aba089804cd88305115fc3ab1f76c
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date:   Tue Nov 28 19:09:13 2017 -0500

    Guard: Don't pick ourselves as a possible Guard
    
    TROVE-2017-12. Severity: Medium
    
    Thankfully, tor will close any circuits that we try to extend to
    ourselves so this is not problematic but annoying.
    
    Part of #21534.
---
 changes/trove-2017-012-part2 | 5 +++++
 src/or/entrynodes.c          | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2
new file mode 100644
index 000000000..ed994c5b0
--- /dev/null
+++ b/changes/trove-2017-012-part2
@@ -0,0 +1,5 @@
+  o Major bugfixes (security, relay):
+    - When running as a relay, make sure that we never ever choose ourselves
+      as a guard. Previously, this was possible. Fixes part of bug 21534;
+      bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012
+      and CVE-2017-8822.
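Review bot: The sentence "Previously, this was possible." in this entry says nothing about impact, while the commit message notes that tor closes any circuit it tries to extend to itself. Consider stating that consequence in the entry so relay operators reading the changelog can judge the severity. The tracker id is also written TROVE-2017-012 here but TROVE-2017-12 in the commit message; using one form makes both findable with a single search.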
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index d762afdcf..0109da8e0 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -740,7 +740,8 @@ node_is_possible_guard(const node_t *node)
           node->is_stable &&
           node->is_fast &&
           node->is_valid &&
-          node_is_dir(node));
+          node_is_dir(node) &&
+          !router_digest_is_me(node->identity));
 }
 
 /**
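Review bot: The new `!router_digest_is_me(node->identity)` term at the end of the return expression in node_is_possible_guard() arrives without a test; the diffstat lists only the changes file and src/or/entrynodes.c. A unit test asserting that the function returns false for a node carrying our own identity digest, with the other flags set, would guard against regression. The function's doc comment is outside the visible context; if it enumerates the conditions for a possible guard, it should mention the self-exclusion too.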


