[tor-commits] [tor/maint-0.2.2] bug 4115: make bridges use begindir for their dir fetches

arma at torproject.org arma at torproject.org
Wed Sep 28 19:12:55 UTC 2011


commit 0b5d2646d56fe351b8b2b4bc97bbad30cb34b6d4
Author: Roger Dingledine <arma at torproject.org>
Date:   Wed Sep 28 14:50:43 2011 -0400

    bug 4115: make bridges use begindir for their dir fetches
    
    removes another avenue for enumerating bridges.
---
 changes/bug4115    |    7 +++++++
 src/or/directory.c |    3 +--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/changes/bug4115 b/changes/bug4115
new file mode 100644
index 0000000..626791a
--- /dev/null
+++ b/changes/bug4115
@@ -0,0 +1,7 @@
+  o Security fixes:
+    - Bridge relays now do their directory fetches inside Tor TLS
+      connections, like all the other clients do, rather than connecting
+      directly to the DirPort like public relays do. Removes another
+      avenue for enumerating bridges. Fixes part of bug 4115; bugfix
+      on 0.2.0.35.
+
diff --git a/src/or/directory.c b/src/or/directory.c
index 52fec6b..e3cc70f 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -785,8 +785,7 @@ directory_command_should_use_begindir(or_options_t *options,
     return 0; /* We don't know an ORPort -- no chance. */
   if (!anonymized_connection)
     if (!fascist_firewall_allows_address_or(addr, or_port) ||
-        directory_fetches_from_authorities(options) ||
-        (server_mode(options) && !options->Address))
+        directory_fetches_from_authorities(options))
       return 0; /* We're firewalled or are acting like a relay -- also no. */
   if (!options->TunnelDirConns &&
       router_purpose != ROUTER_PURPOSE_BRIDGE)
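Review bot: The comment on the `return 0` line still says "acting like a relay", but with the `server_mode(options) && !options->Address` test removed, the only relay-like condition left in this branch is `directory_fetches_from_authorities(options)`. Whether a bridge relay can still fall into the direct DirPort path therefore appears to depend on that helper returning false for bridges, which this hunk does not show. I would record that dependency at the call site, e.g. `/* Relies on directory_fetches_from_authorities() being false for bridge relays, so bridges keep tunneling their dir fetches. */`, so a later change to the helper does not silently reopen the enumeration avenue. The nested unbraced `if (!anonymized_connection) if (...)` is also easy to misread when conditions are added or dropped as they are here; braces on the outer `if` would help. directory_command_should_use_begindir() starts before the hunk and continues past it.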


