Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Bridges should never set the send_unencrypted flag on any of their descs

Fix for bug 5139.
Nick Mathewson 12 years ago
parent
9dddfe83f3
commit
7c8032c22b
2 changed files with 15 additions and 6 deletions
Split View Show Diff Stats
  1. 6 0
      changes/bug5139
  2. 9 6
      src/or/router.c

+ 6 - 0
changes/bug5139
View File 

@@ -0,0 +1,6 @@
 
+  o Minor features (bridges):
 
+    - Tag a bridge's descriptor as "never to be sent
 
+      unencrypted". This shouldn't matter, since bridges don't open
 
+      non-anonymous connections to the bridge authority and don't
 
+      allow unencrypted directory connections from clients, but we
 
+      might as well make sure. Closes bug 5139.

+ 9 - 6
src/or/router.c
View File 

@@ -1672,12 +1672,15 @@ router_rebuild_descriptor(int force)
 
 
   ri->purpose =
 
     options->BridgeRelay ? ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL;
 
-  ri->cache_info.send_unencrypted = 1;
 
-  /* Let bridges serve their own descriptors unencrypted, so they can
 
-   * pass reachability testing. (If they want to be harder to notice,
 
-   * they can always leave the DirPort off). */
 
-  if (ei && !options->BridgeRelay)
 
-    ei->cache_info.send_unencrypted = 1;
 
+  if (options->BridgeRelay) {
 
+    /* Bridges shouldn't be able to send their descriptors unencrypted,
 
+       anyway, since they don't have a DirPort, and always connect to the
 
+       bridge authority anonymously.  But just in case they somehow think of
 
+       sending them on an unencrypted connection, don't allow them to try. */
 
+    ri->cache_info.send_unencrypted = ei->cache_info.send_unencrypted = 0;
 
+  } else {
 
+    ri->cache_info.send_unencrypted = ei->cache_info.send_unencrypted = 1;
 
+  }
 
 
   router_get_router_hash(ri->cache_info.signed_descriptor_body,
 
                          strlen(ri->cache_info.signed_descriptor_body),