commit 7692f443d4ba5c79c8acb74991b614685345c406 Author: David Goulet dgoulet@torproject.org Date: Wed Jan 20 11:24:47 2021 -0500
config: Remove Bridge <-> ClientTransportPlugin validation
This validation was only done if DisableNetwork was off because we would use the global list of transports/bridges and DisableNetwork would not populate it.
This was a problem for any user using DisableNetwork which includes Tor Browser and thus leading to the Bug() warning.
Without a more in depth refactoring, we can't do this validation without the global list.
The previous commit makes it that any connection to a bridge without a transport won't happen thus we keep the security feature of not connecting to a bridge without its corresponding transport.
Related to #40106
Signed-off-by: David Goulet dgoulet@torproject.org --- changes/ticket40106 | 9 +++++---- src/app/config/config.c | 17 ----------------- 2 files changed, 5 insertions(+), 21 deletions(-)
diff --git a/changes/ticket40106 b/changes/ticket40106 index d007cf535e..3f344d478f 100644 --- a/changes/ticket40106 +++ b/changes/ticket40106 @@ -1,5 +1,6 @@ o Minor bugfixes (config, bridge): - - Really fix the case where torrc has a missing ClientTransportPlugin but - configured with a Bridge line and UseBridges. Previously, we failed to - also look at the managed proxy list and thus it would fail for the - "exec" case. Fixes bug 40106; bugfix on 0.4.5.1-alpha. + - Don't initiate a connection to a bridge without a corresponding + transport. Fixes bug 40106; bugfix on 0.4.5.1-alpha. + - This also reverts an earlier fix we did for this that would validate + configuration to avoid such situation but turns out it wouldn't work for + a DisableNetwork thus the new approach. diff --git a/src/app/config/config.c b/src/app/config/config.c index 7db5e5cfa8..c7799ec1a2 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -2189,23 +2189,6 @@ options_act,(const or_options_t *old_options)) } }
- /* Validate that we actually have a configured transport for a Bridge line - * that has one. This is done here because we require the bridge and - * transport to be added to the global list before doing the validation. - * - * In an ideal world, pt_parse_transport_line() would actually return a - * transport_t object so we could inspect it and thus do this step at - * validation time. */ - SMARTLIST_FOREACH_BEGIN(bridge_list_get(), const bridge_info_t *, bi) { - const char *bi_transport_name = bridget_get_transport_name(bi); - if (bi_transport_name && (!transport_get_by_name(bi_transport_name) && - !managed_proxy_has_transport(bi_transport_name))) { - log_warn(LD_CONFIG, "Bridge line with transport %s is missing a " - "ClientTransportPlugin line", bi_transport_name); - return -1; - } - } SMARTLIST_FOREACH_END(bi); - if (options_act_server_transport(old_options) < 0) return -1;