[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] prop250: Only trust known authority when computing SRV

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] prop250: Only trust known authority when computing SRV
From: nickm@xxxxxxxxxxxxxx
Date: Fri, 1 Jul 2016 19:35:16 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 Jul 2016 15:35:49 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 545b77e2f8fac6cf5909bb6b69b52d9cb4f8f397
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date:   Wed May 11 16:02:18 2016 -0400

    prop250: Only trust known authority when computing SRV
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 src/or/shared_random.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/or/shared_random.c b/src/or/shared_random.c
index 6e6ff3b..d409d10 100644
--- a/src/or/shared_random.c
+++ b/src/or/shared_random.c
@@ -951,6 +951,16 @@ sr_compute_srv(void)
   DIGESTMAP_FOREACH(state_commits, key, sr_commit_t *, c) {
     /* Extra safety net, make sure we have valid commit before using it. */
     ASSERT_COMMIT_VALID(c);
+    /* Let's not use a commit from an authority that we don't know. It's
+     * possible that an authority could be removed during a protocol run so
+     * that commit value should never be used in the SRV computation. */
+    if (trusteddirserver_get_by_v3_auth_digest(c->rsa_identity) == NULL) {
+      log_warn(LD_DIR, "SR: Fingerprint %s is not from a recognized "
+               "authority. Discarding commit for the SRV computation.",
+               sr_commit_get_rsa_fpr(c));
+      continue;
+    }
+    /* We consider this commit valid. */
     smartlist_add(commits, c);
   } DIGESTMAP_FOREACH_END;
   smartlist_sort(commits, compare_reveal_);



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] Raise libevent dependency to 2.0.10-stable or newer
Next by Author: [tor-commits] [tor/master] loony mingwcross bug: insist we dont have clock_gettime.
Previous by thread: [tor-commits] [tor/master] prop250: Improve log messages
Next by thread: [tor-commits] [tor/master] prop250: change time_t to uint64_t
Index(es):
- Author
- Thread