aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2011-09-28 10:31:56 -0400
committerNick Mathewson <nickm@torproject.org>2011-10-10 23:14:30 -0400
commit7aadae606b51460810163cac0a5e695ebbefa3b9 (patch)
treeee684d617ae83b3192ae003468ef0410759a6de5
parent41b250d7ea6b2d635d0e0b70cf7e1d5c1ed9ca4f (diff)
downloadtor-7aadae606b51460810163cac0a5e695ebbefa3b9.tar.gz
tor-7aadae606b51460810163cac0a5e695ebbefa3b9.zip
Make sure we stop putting cells into our hash at the right time.
-rw-r--r--src/or/command.c4
-rw-r--r--src/or/connection_or.c19
-rw-r--r--src/or/or.h13
3 files changed, 35 insertions, 1 deletions
diff --git a/src/or/command.c b/src/or/command.c
index 4da5f86009..d63b9dd352 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -243,7 +243,8 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
return; /*XXXX023 log*/
break;
case OR_CONN_STATE_OR_HANDSHAKING_V3:
- or_handshake_state_record_var_cell(conn->handshake_state, cell, 1);
+ if (cell->command != CELL_AUTHENTICATE)
+ or_handshake_state_record_var_cell(conn->handshake_state, cell, 1);
break; /* Everything is allowed */
case OR_CONN_STATE_OPEN:
if (conn->link_proto < 3)
@@ -1131,6 +1132,7 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
/* Okay, we are authenticated. */
conn->handshake_state->received_authenticate = 1;
conn->handshake_state->authenticated = 1;
+ conn->handshake_state->digest_received_data = 0;
{
crypto_pk_env_t *identity_rcvd =
tor_tls_cert_get_key(conn->handshake_state->id_cert);
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 1b40f36dfb..7cdea82191 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1573,6 +1573,8 @@ connection_init_or_handshake_state(or_connection_t *conn, int started_here)
or_handshake_state_t *s;
s = conn->handshake_state = tor_malloc_zero(sizeof(or_handshake_state_t));
s->started_here = started_here ? 1 : 0;
+ s->digest_sent_data = 1;
+ s->digest_received_data = 1;
return 0;
}
@@ -1606,6 +1608,13 @@ or_handshake_state_record_cell(or_handshake_state_t *state,
{
crypto_digest_env_t *d, **dptr;
packed_cell_t packed;
+ if (incoming) {
+ if (!state->digest_received_data)
+ return;
+ } else {
+ if (!state->digest_sent_data)
+ return;
+ }
if (!incoming) {
log_warn(LD_BUG, "We shouldn't be sending any non-variable-length cells "
"while making a handshake digest. But we think we are sending "
@@ -1638,6 +1647,13 @@ or_handshake_state_record_var_cell(or_handshake_state_t *state,
{
crypto_digest_env_t *d, **dptr;
char buf[VAR_CELL_HEADER_SIZE];
+ if (incoming) {
+ if (!state->digest_received_data)
+ return;
+ } else {
+ if (!state->digest_sent_data)
+ return;
+ }
dptr = incoming ? &state->digest_received : &state->digest_sent;
if (! *dptr)
*dptr = crypto_new_digest256_env(DIGEST_SHA256);
@@ -1891,6 +1907,8 @@ connection_or_send_netinfo(or_connection_t *conn)
int len;
uint8_t *out;
+ tor_assert(conn->handshake_state);
+
memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_NETINFO;
@@ -1917,6 +1935,7 @@ connection_or_send_netinfo(or_connection_t *conn)
*out = 0;
}
+ conn->handshake_state->digest_sent_data = 0;
connection_or_write_cell_to_buf(&cell, conn);
return 0;
diff --git a/src/or/or.h b/src/or/or.h
index 887dcb6ad8..aa12e31d67 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1145,6 +1145,19 @@ typedef struct or_handshake_state_t {
/* True iff we've received valid authentication to some identity. */
unsigned int authenticated : 1;
+ /** True iff we should feed outgoing cells into digest_sent and
+ * digest_received respectively.
+ *
+ * From the server's side of the v3 handshake, we want to capture everything
+ * from the VERSIONS cell through and including the AUTH_CHALLENGE cell.
+ * From the client's, we want to capture everything from the VERSIONS cell
+ * through but *not* including the AUTHENTICATE cell.
+ *
+ * @{ */
+ unsigned int digest_sent_data : 1;
+ unsigned int digest_received_data : 1;
+ /**@}*/
+
/** Identity digest that we have received and authenticated for our peer
* on this connection. */
uint8_t authenticated_peer_id[DIGEST_LEN];