[or-cvs] Note a vulnerability with our current recommended-version c...

arma at seul.org arma at seul.org
Wed Mar 22 06:22:14 UTC 2006


Update of /home2/or/cvsroot/tor/src/or
In directory moria:/home/arma/work/onion/cvs/tor/src/or

Modified Files:
	directory.c routerlist.c 
Log Message:
Note a vulnerability with our current recommended-version consensus
building.

Make the warnings about invalid and unnamed nodes scale better, and
update the text of the warnings.

Change router_have_minimum_dir_info() to only be happy when it has
enough network-statuses ("more than half") to be willing to actually
build circuits.

Not yet done: when we fail to get a networkstatus that we wanted, and
!router_have_minimum_dir_info(), we should retry it quicker than a whole
minute from now.


Index: directory.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/directory.c,v
retrieving revision 1.363
retrieving revision 1.364
diff -u -p -d -r1.363 -r1.364
--- directory.c	18 Mar 2006 01:24:04 -0000	1.363
+++ directory.c	22 Mar 2006 06:22:12 -0000	1.364
@@ -1857,7 +1857,7 @@ dir_networkstatus_download_failed(smartl
   });
 }
 
-/** Called when one or more networkstatus fetches have failed (with uppercase
+/** Called when one or more routerdesc fetches have failed (with uppercase
  * fingerprints listed in <b>failed</>). */
 static void
 dir_routerdesc_download_failed(smartlist_t *failed)

Index: routerlist.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/routerlist.c,v
retrieving revision 1.465
retrieving revision 1.466
diff -u -p -d -r1.465 -r1.466
--- routerlist.c	21 Mar 2006 05:27:35 -0000	1.465
+++ routerlist.c	22 Mar 2006 06:22:12 -0000	1.466
@@ -2738,6 +2738,8 @@ compute_recommended_versions(time_t now,
       vers = client ? ns->client_versions : ns->server_versions;
       if (!vers)
         continue;
+      /* XXX Attack: a single dirserver can make a version recommended
+       * by repeating it many times in his recommended list. -RD */
       smartlist_split_string(combined, vers, ",",
                              SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
     });
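Review bot: The new XXX comment records that a single directory server can get a version recommended by repeating it, but `smartlist_split_string(combined, vers, ...)` still appends each authority's list to `combined` unfiltered, so the weakness stays in place after this commit. Each networkstatus should contribute a given version at most once: split `vers` into a scratch smartlist, drop duplicate entries there, and only then add the result to `combined`. The tallying code lies outside this hunk, so confirm that it counts occurrences in `combined` the way the comment implies. Until the fix lands, the comment could state the intended invariant as well, e.g. `/* XXX each authority must count at most once per version */`.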
@@ -2809,22 +2811,18 @@ routers_update_all_from_networkstatus(vo
         ++n_named;
     });
 
-    if (n_recent >= 2 && n_listing >= 2) {
-      /* XXX When we have more than 3 dirservers, these warnings
-       * might become spurious depending on which combination of
-       * network-statuses we have. Perhaps we should wait until we
-       * have tried all of them? -RD */
+    if (n_recent >= 2 && n_listing >= 2 &&
+        have_tried_downloading_all_statuses()) {
       if (n_valid <= n_recent/2)  {
         log_warn(LD_GENERAL,
                  "%d/%d recent statements from directory authorities list us "
-                 "as invalid. Please "
-                 "consider sending your identity fingerprint to the tor-ops.",
+                 "as unapproved. Are you misconfigured?",
                  n_recent-n_valid, n_recent);
         have_warned_about_invalid_status = 1;
-      } else if (!n_named && have_tried_downloading_all_statuses()) {
+      } else if (n_naming && !n_named) {
         log_warn(LD_GENERAL, "0/%d name-binding directory authorities "
-                 "recognize this server. Please consider sending your "
-                 "identity fingerprint to the tor-ops.",
+                 "recognize your nickname. Please consider sending your "
+                 "nickname and identity fingerprint to the tor-ops.",
                  n_naming);
         have_warned_about_invalid_status = 1;
       }
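Review bot: The outer guard keeps the fixed thresholds `n_recent >= 2 && n_listing >= 2`, while router_have_minimum_dir_info() in this same commit moves to "more than half" of `trusted_dir_servers`. With more authorities, two recent statuses can be a minority, and `n_valid <= n_recent/2` would then warn on the word of a small subset. This assumes have_tried_downloading_all_statuses() does not already guarantee a majority, which is not visible here. Consider tying the guard to the authority count, e.g. `n_recent > smartlist_len(trusted_dir_servers)/2`, if that list is never NULL at this point. The new text "Are you misconfigured?" also leaves the operator with no next step, unlike the nickname warning below it. The function body starts and ends outside the hunk.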
@@ -3591,7 +3589,7 @@ update_router_descriptor_cache_downloads
    * - if d is a member of some downloadable[x], d is a member of some
    *   download_from[y].  (Everything we want to download, we try to download
    *   from somebody.)
-   * - If d is a mamber of download_from[y], d is a member of downloadable[y].
+   * - If d is a member of download_from[y], d is a member of downloadable[y].
    *   (We only try to download descriptors from authorities who claim to have
    *   them.)
    * - No d is a member of download_from[x] and download_from[y] s.t. x != y.
@@ -3657,21 +3655,25 @@ update_router_descriptor_downloads(time_
 }
 
 /** Return true iff we have enough networkstatus and router information to
- * start building circuits.  Right now, this means "at least 2 networkstatus
- * documents, and at least 1/4 of expected routers." */
+ * start building circuits.  Right now, this means "more than half the
+ * networkstatus documents, and at least 1/4 of expected routers." */
 //XXX should consider whether we have enough exiting nodes here.
 int
 router_have_minimum_dir_info(void)
 {
   int tot = 0, num_running = 0;
-  int n_ns, res, avg;
+  int n_ns, n_authorities, res, avg;
   static int have_enough = 0;
   if (!networkstatus_list || !routerlist) {
     res = 0;
     goto done;
   }
+  n_authorities = smartlist_len(trusted_dir_servers);
   n_ns = smartlist_len(networkstatus_list);
-  if (n_ns<2) {
+  if (n_ns<=n_authorities/2) {
+    log_info(LD_DIR,
+             "We have %d of %d network statuses, and we want "
+             "more than %d.", n_ns, n_authorities, n_authorities/2);
     res = 0;
     goto done;
   }
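Review bot: `smartlist_len(trusted_dir_servers)` is called after a guard that checks only `networkstatus_list` and `routerlist`, so a NULL `trusted_dir_servers` would be dereferenced here. Unless it is guaranteed to be non-NULL whenever `networkstatus_list` is, extend the guard to `if (!networkstatus_list || !routerlist || !trusted_dir_servers) {`. Separately, `n_ns` is the raw length of `networkstatus_list`; if that list can hold stale statuses or ones from servers no longer in `trusted_dir_servers`, they would count toward the "more than half" threshold this change introduces. That threshold is what stops a minority of authorities from shaping the client's view, so it is worth counting only current statuses from trusted authorities, or documenting why the raw length is safe. The function continues past the end of the hunk.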


