Merge remote-tracking branch 'public/bug4572'

Nick Mathewson 2012-04-24 11:38:51 -04:00
commit 4314d1a15a
5 changed files with 8 additions and 12 deletions

6
changes/bug4572 Normal file

@ -0,0 +1,6 @@
o Removed features
- Remove the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays option;
authorities needed to use it for a while to keep the network working
as people upgraded to 0.2.1.31, 0.2.2.34, or 0.2.3.6-alpha, but that
was six months ago. As of now, it should no longer be needed or used.


@ -1610,10 +1610,6 @@ DIRECTORY AUTHORITY SERVER OPTIONS
votes on whether to accept relays as hidden service directories. votes on whether to accept relays as hidden service directories.
(Default: 1) (Default: 1)
GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays **0**|**1**::
When this option is set to 0, do not vote to give the Guard flag to any
version of Tor vulnerable to CVE-2011-2769. (Default: 0)
HIDDEN SERVICE OPTIONS HIDDEN SERVICE OPTIONS
---------------------- ----------------------


@ -295,8 +295,7 @@ static config_var_t _option_vars[] = {
V(GeoIPFile, FILENAME, V(GeoIPFile, FILENAME,
SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"),
#endif #endif
V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"),
BOOL, "0"),
OBSOLETE("Group"), OBSOLETE("Group"),
V(HardwareAccel, BOOL, "0"), V(HardwareAccel, BOOL, "0"),
V(HeartbeatPeriod, INTERVAL, "6 hours"), V(HeartbeatPeriod, INTERVAL, "6 hours"),


@ -2417,8 +2417,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
routerbw >= options->AuthDirGuardBWGuarantee) || routerbw >= options->AuthDirGuardBWGuarantee) ||
routerbw >= MIN(guard_bandwidth_including_exits, routerbw >= MIN(guard_bandwidth_including_exits,
guard_bandwidth_excluding_exits)) && guard_bandwidth_excluding_exits)) &&
(options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || (is_router_version_good_for_possible_guard(ri->platform))) {
is_router_version_good_for_possible_guard(ri->platform))) {
long tk = rep_hist_get_weighted_time_known( long tk = rep_hist_get_weighted_time_known(
node->identity, now); node->identity, now);
double wfu = rep_hist_get_weighted_fractional_uptime( double wfu = rep_hist_get_weighted_fractional_uptime(
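Review bot: With the override removed, the Guard vote in this condition rests on `is_router_version_good_for_possible_guard(ri->platform)` alone, and nothing at the call site says what the check protects against or how far it can be trusted. If `ri->platform` comes from the relay's own descriptor (likely, but not visible in this hunk), the gate only excludes relays that honestly report a vulnerable version, and that limit is worth stating for whoever next touches the flag logic. I would add a comment above the condition such as `/* Never vote Guard for versions vulnerable to CVE-2011-2768; platform is self-reported, so this filters honest relays only. */`. The body of set_routerstatus_from_routerinfo starts and ends outside this hunk, so how a missing platform string is handled cannot be judged from here.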


@ -3270,10 +3270,6 @@ typedef struct {
* number of servers per IP address shared * number of servers per IP address shared
* with an authority. */ * with an authority. */
/** Should we assign the Guard flag to relays which would allow
* exploitation of CVE-2011-2768 against their clients? */
int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays;
/** If non-zero, always vote the Fast flag for any relay advertising /** If non-zero, always vote the Fast flag for any relay advertising
* this amount of capacity or more. */ * this amount of capacity or more. */
uint64_t AuthDirFastGuarantee; uint64_t AuthDirFastGuarantee;