[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r10310: backport r10240 and r10242 (in tor/branches/tor-0_1_2-patches: . src/or)
Author: arma
Date: 2007-05-24 13:31:59 -0400 (Thu, 24 May 2007)
New Revision: 10310
Modified:
tor/branches/tor-0_1_2-patches/ChangeLog
tor/branches/tor-0_1_2-patches/src/or/circuitbuild.c
Log:
backport r10240 and r10242
Modified: tor/branches/tor-0_1_2-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_1_2-patches/ChangeLog 2007-05-24 17:23:10 UTC (rev 10309)
+++ tor/branches/tor-0_1_2-patches/ChangeLog 2007-05-24 17:31:59 UTC (rev 10310)
@@ -1,16 +1,26 @@
-Changes in version 0.1.2.14 - 2007-05-23
+Changes in version 0.1.2.14 - 2007-05-24
o Directory authority changes:
- Two directory authorities (moria1 and moria2) just moved to new
IP addresses. This change will particularly affect those who serve
or use hidden services.
- o Major bugfixes:
+ o Major bugfixes (crashes):
- If a directory server runs out of space in the connection table
as it's processing a begin_dir request, it will free the exit stream
but leave it attached to the circuit, leading to unpredictable
behavior. (Reported by seeess, fixes bug 425.)
- Fix a bug in dirserv_remove_invalid() that would cause authorities
to corrupt memory under some really unlikely scenarios.
+ - Tighten router parsing rules. (Bugs reported by Benedikt Boss.)
+ - Avoid segfaults when reading from mmaped descriptor file. (Reported
+ by lodger.)
+
+ o Major bugfixes (security):
+ - When choosing an entry guard for our circuit, avoid using guards
+ that are in the same family as the chosen exit -- not just guards
+ that are exactly the chosen exit. (Reported by lodger.)
+
+ o Major bugfixes (resource management):
- If a directory authority is down, skip it when deciding where to get
networkstatus objects or descriptors. Otherwise we keep asking
every 10 seconds forever. Fixes bug 384.
@@ -20,8 +30,6 @@
- If all of our dirservers have given us bad or no networkstatuses
lately, then stop hammering them once per minute even when we
think they're failed. Fixes another part of bug 422.
- - Tighten router parsing rules.
- - Avoid segfaults when reading from mmaped descriptor file.
o Minor bugfixes:
- Actually set the purpose correctly for descriptors inserted with
Modified: tor/branches/tor-0_1_2-patches/src/or/circuitbuild.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/circuitbuild.c 2007-05-24 17:23:10 UTC (rev 10309)
+++ tor/branches/tor-0_1_2-patches/src/or/circuitbuild.c 2007-05-24 17:31:59 UTC (rev 10310)
@@ -2322,11 +2322,15 @@
{
or_options_t *options = get_options();
smartlist_t *live_entry_guards = smartlist_create();
+ smartlist_t *exit_family = smartlist_create();
routerinfo_t *chosen_exit = build_state_get_exit_router(state);
routerinfo_t *r = NULL;
int need_uptime = state->need_uptime;
int need_capacity = state->need_capacity;
+ smartlist_add(exit_family, chosen_exit);
+ routerlist_add_family(exit_family, chosen_exit);
+
if (!entry_guards)
entry_guards = smartlist_create();
@@ -2343,7 +2347,7 @@
SMARTLIST_FOREACH(entry_guards, entry_guard_t *, entry,
{
r = entry_is_live(entry, need_uptime, need_capacity, 0);
- if (r && r != chosen_exit) {
+ if (r && !smartlist_isin(exit_family, r)) {
smartlist_add(live_entry_guards, r);
if (smartlist_len(live_entry_guards) >= options->NumEntryGuards)
break; /* we have enough */
@@ -2380,6 +2384,7 @@
r = smartlist_choose(live_entry_guards);
smartlist_free(live_entry_guards);
+ smartlist_free(exit_family);
return r;
}