diff options
author | Nick Mathewson <nickm@torproject.org> | 2011-11-03 12:31:31 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-11-03 12:31:31 -0400 |
commit | 248b967ce6fda04530aba4232dba5f230cf71b44 (patch) | |
tree | a5e8bc050b74108f7da29abd047e3b316c976c66 | |
parent | 3dd2f990a385caec99cad07b5cdcfa8abebcbf6c (diff) | |
download | tor-248b967ce6fda04530aba4232dba5f230cf71b44.tar.gz tor-248b967ce6fda04530aba4232dba5f230cf71b44.zip |
Add comments and changes file for 4361; tweak control flow a bit
-rw-r--r-- | changes/bug4361 | 4 | ||||
-rw-r--r-- | src/or/command.c | 24 |
2 files changed, 21 insertions, 7 deletions
diff --git a/changes/bug4361 b/changes/bug4361 new file mode 100644 index 0000000000..887eb9f3f0 --- /dev/null +++ b/changes/bug4361 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Spec conformance: on a v3 handshake, do not send a NETINFO cell until + after we have received a CERTS cell. Bugfix on 0.2.3.6-alpha; + fixes bug 4361; patch by "frosty". diff --git a/src/or/command.c b/src/or/command.c index 808333e2b1..e61fef7c2e 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -686,8 +686,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn) const int send_certs = !started_here || public_server_mode(get_options()); /* If we're a relay that got a connection, ask for authentication. */ const int send_chall = !started_here && public_server_mode(get_options()); - /* If our certs cell will authenticate us, or if we have no intention of - * authenticating, send a netinfo cell right now. */ + /* If our certs cell will authenticate us, we can send a netinfo cell + * right now. */ const int send_netinfo = !started_here; const int send_any = send_versions || send_certs || send_chall || send_netinfo; @@ -915,6 +915,7 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) uint8_t *ptr; int n_certs, i; + int send_netinfo = 0; if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3) ERR("We're not doing a v3 handshake!"); @@ -1020,12 +1021,12 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) conn->handshake_state->id_cert = id_cert; id_cert = NULL; + if (!public_server_mode(get_options())) { - if (connection_or_send_netinfo(conn) < 0) { - log_warn(LD_OR, "Couldn't send netinfo cell"); - connection_mark_for_close(TO_CONN(conn)); - goto err; - } + /* If we initiated the connection and we are not a public server, we + * aren't planning to authenticate at all. At this point we know who we + * are talking to, so we can just send a netinfo now. */ + send_netinfo = 1; } } else { if (! (id_cert && auth_cert)) @@ -1048,6 +1049,15 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) } conn->handshake_state->received_cert_cell = 1; + + if (send_netinfo) { + if (connection_or_send_netinfo(conn) < 0) { + log_warn(LD_OR, "Couldn't send netinfo cell"); + connection_mark_for_close(TO_CONN(conn)); + goto err; + } + } + err: tor_cert_free(id_cert); tor_cert_free(link_cert); |