commit 427ae164f33aad6004290fc407d53ab3315b399a
parent 9e0587f806268c0ab96a73238c0409e95b0fbed6
Author: Nick Mathewson <nickm@torproject.org>
Date: Wed, 20 Sep 2017 09:38:50 -0400
Fix a comment that misunderstood is_canonical
is_canonical doesn't mean "am I connected to the one true address of
this relay"; it means "does this relay tell me that the address I'm
connected to belong to it." The point is to prevent TCP-based MITM,
not to prevent the relay from multi-homing.
Related to 22890.
Diffstat:
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
@@ -1793,12 +1793,11 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
return;
}
/* A relay can connect from anywhere and be canonical, so
- * long as it tells you from where it came. This may be a bit
- * concerning.. Luckily we have another check in
- * channel_tls_matches_target_method() to ensure that extends
- * only go to the IP they ask for.
- *
- * XXX: Bleh. That check is not used if the connection is canonical.
+ * long as it tells you from where it came. This may sound a bit
+ * concerning... but that's what "canonical" means: that the
+ * address is one that the relay itself has claimed. The relay
+ * might be doing something funny, but nobody else is doing a MITM
+ * on the relay's TCP.
*/
if (tor_addr_eq(&addr, &(chan->conn->real_addr))) {
connection_or_set_canonical(chan->conn, 1);
