[tor-commits] [tor/master] prop250: Only trust known authority when computing SRV

nickm at torproject.org nickm at torproject.org
Fri Jul 1 19:35:16 UTC 2016


commit 545b77e2f8fac6cf5909bb6b69b52d9cb4f8f397
Author: David Goulet <dgoulet at torproject.org>
Date:   Wed May 11 16:02:18 2016 -0400

    prop250: Only trust known authority when computing SRV
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/or/shared_random.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/or/shared_random.c b/src/or/shared_random.c
index 6e6ff3b..d409d10 100644
--- a/src/or/shared_random.c
+++ b/src/or/shared_random.c
@@ -951,6 +951,16 @@ sr_compute_srv(void)
   DIGESTMAP_FOREACH(state_commits, key, sr_commit_t *, c) {
     /* Extra safety net, make sure we have valid commit before using it. */
     ASSERT_COMMIT_VALID(c);
+    /* Let's not use a commit from an authority that we don't know. It's
+     * possible that an authority could be removed during a protocol run so
+     * that commit value should never be used in the SRV computation. */
+    if (trusteddirserver_get_by_v3_auth_digest(c->rsa_identity) == NULL) {
+      log_warn(LD_DIR, "SR: Fingerprint %s is not from a recognized "
+               "authority. Discarding commit for the SRV computation.",
+               sr_commit_get_rsa_fpr(c));
+      continue;
+    }
+    /* We consider this commit valid. */
     smartlist_add(commits, c);
   } DIGESTMAP_FOREACH_END;
   smartlist_sort(commits, compare_reveal_);





More information about the tor-commits mailing list