[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r11171: backport candidate: Refuse to start with certain directory a (in tor/trunk: . src/or)
Author: arma
Date: 2007-08-18 22:51:54 -0400 (Sat, 18 Aug 2007)
New Revision: 11171
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/config.c
Log:
backport candidate:
Refuse to start with certain directory authority keys, and
encourage people using them to stop.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-08-19 02:02:58 UTC (rev 11170)
+++ tor/trunk/ChangeLog 2007-08-19 02:51:54 UTC (rev 11171)
@@ -28,6 +28,8 @@
o Minor features (security):
- Warn about unsafe ControlPort configurations.
+ - Refuse to start with certain directory authority keys, and
+ encourage people using them to stop.
o Minor features (controller):
- Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2007-08-19 02:02:58 UTC (rev 11170)
+++ tor/trunk/src/or/config.c 2007-08-19 02:51:54 UTC (rev 11171)
@@ -3823,6 +3823,13 @@
(int)strlen(fingerprint));
goto err;
}
+ if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
+ /* a known bad fingerprint. refuse to use it. */
+ log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
+ "torrc file (%s), or reinstall Tor and use the default torrc.",
+ get_torrc_fname());
+ goto err;
+ }
if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
log_warn(LD_CONFIG, "Unable to decode DirServer key digest.");
goto err;