Security bugfixes:

  When the user sends a NEWNYM signal, clear the client-side DNS
  cache too. Otherwise we continue to act on previous information.


svn:r8679

ChangeLog

@@ -4,6 +4,10 @@ Changes in version 0.1.2.3-alpha - 2006-10-??
       field is sent only to controllers that have enabled the extended
       event format. (Patch from Mike Perry)
 
+  o Security bugfixes:
+    - When the user sends a NEWNYM signal, clear the client-side DNS
+      cache too. Otherwise we continue to act on previous information.
+
   o Minor bugfixes:
     - Change NT service functions to be loaded on demand.  This lets us
       build with mingw without breaking Tor for Windows 98 users.

src/or/connection_edge.c

@@ -1032,7 +1032,7 @@ address_is_invalid_destination(const char *address)
   return 0;
 }
 
-/** Iterate over all address mapings which have expiry times between
+/** Iterate over all address mappings which have expiry times between
  * min_expires and max_expires, inclusive.  If sl is provided, add an
  * "old-addr new-addr" string to sl for each mapping.  If sl is NULL,
  * remove the mappings.

src/or/main.c

@@ -1331,6 +1331,7 @@ signal_callback(int fd, short events, void *arg)
 #endif
     case SIGNEWNYM:
       circuit_expire_all_dirty_circs();
+      addressmap_clear_transient();
       break;
   }
 }