commit 22a1e9cac18f69e6e14c0e84785460f2074d8575 Author: teor teor2345@gmail.com Date: Thu Dec 25 23:42:38 2014 +1100
Avoid excluding guards from path building in minimal test networks
choose_good_entry_server() now excludes current entry guards and their families, unless we're in a test network, and excluding guards would exclude all nodes.
This typically occurs in incredibly small tor networks, and those using TestingAuthVoteGuard *
This is an incomplete fix, but is no worse than the previous behaviour, and only applies to minimal, testing tor networks (so it's no less secure).
Discovered as part of #13718. --- changes/bug13718-avoid-excluding-guards | 8 ++++++++ src/or/circuitbuild.c | 13 +++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/changes/bug13718-avoid-excluding-guards b/changes/bug13718-avoid-excluding-guards new file mode 100644 index 0000000..bf80d2a --- /dev/null +++ b/changes/bug13718-avoid-excluding-guards @@ -0,0 +1,8 @@ + o Minor bugfixes: + - Avoid excluding guards from path building in minimal test networks, + when we're in a test network, and excluding guards would exclude + all nodes. This typically occurs in incredibly small tor networks, + and those using TestingAuthVoteGuard * + This fix only applies to minimal, testing tor networks, + so it's no less secure. + Discovered as part of #13718. diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 36ccdc9..a834e7b 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2053,9 +2053,18 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state) smartlist_add(excluded, (void*)node); }); } - /* and exclude current entry guards and their families, if applicable */ + /* and exclude current entry guards and their families, + * unless we're in a test network, and excluding guards + * would exclude all nodes (i.e. we're in an incredibly small tor network, + * or we're using TestingAuthVoteGuard *). + * This is an incomplete fix, but is no worse than the previous behaviour, + * and only applies to minimal, testing tor networks + * (so it's no less secure) */ /*XXXX025 use the using_as_guard flag to accomplish this.*/ - if (options->UseEntryGuards) { + if (options->UseEntryGuards + && (!options->TestingTorNetwork || + smartlist_len(nodelist_get_list()) > smartlist_len(get_entry_guards()) + )) { SMARTLIST_FOREACH(get_entry_guards(), const entry_guard_t *, entry, { if ((node = node_get_by_id(entry->identity))) {