
backport candidate:
Refuse to start with certain directory authority keys, and
encourage people using them to stop.


svn:r11171

Roger Dingledine 18 years ago
parent
commit
96cff65f85
2 changed files with 9 additions and 0 deletions
  1. 2 0
      ChangeLog
  2. 7 0
      src/or/config.c

+ 2 - 0
ChangeLog

@@ -28,6 +28,8 @@ Changes in version 0.2.0.5-alpha - 2007-08-19
 
   o Minor features (security):
     - Warn about unsafe ControlPort configurations.
+    - Refuse to start with certain directory authority keys, and
+      encourage people using them to stop.
 
   o Minor features (controller):
     - Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it

+ 7 - 0
src/or/config.c

@@ -3823,6 +3823,13 @@ parse_dir_server_line(const char *line, int validate_only)
              (int)strlen(fingerprint));
     goto err;
   }
+  if (!strcmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {
+    /* a known bad fingerprint. refuse to use it. */
+    log_warn(LD_CONFIG, "Dangerous dirserver line. To correct, erase your "
+             "torrc file (%s), or reinstall Tor and use the default torrc.",
+             get_torrc_fname());
+    goto err;
+  }
   if (base16_decode(digest, DIGEST_LEN, fingerprint, HEX_DIGEST_LEN)<0) {
     log_warn(LD_CONFIG, "Unable to decode DirServer key digest.");
     goto err;
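Review bot: The blocklist test at the added `strcmp(fingerprint, "E623…")` line compares the textual fingerprint byte for byte, so it matches only when the torrc spells the key in upper-case hex exactly as written here. If `base16_decode` on the following line also accepts lower-case digits (its implementation is not visible in this hunk), the same key written in lower or mixed case would pass the check and still be loaded. Comparing case-insensitively, `if (!strcasecmp(fingerprint, "E623F7625FBE0C87820F11EC5F6D5377ED816294")) {`, or testing the decoded `digest` after `base16_decode` succeeds, would close that gap. The warning would also be easier to act on if it named the rejected fingerprint, and the literal would read better as a named constant with a comment saying why this key is refused. `parse_dir_server_line` begins and ends outside the hunk, so any normalisation applied to `fingerprint` earlier in the function cannot be confirmed from here.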