r13734@catbus: nickm | 2007-07-12 12:50:39 -0400

 Backport r10790: omit reasons from destroy cells from the circuit origin.


svn:r10814

3 files changed, 9 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 055244c965..941dbfef92 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,11 @@ Changes in version 0.1.2.15 - 2007-0?-??
     - Fix a possible buffer overrun when using BSD natd support.  Bug found
       by "Mr. Croup."
 
+  o Minor bugfixes (security):
+    - When sending destroy cells from a circuit's origin, don't include
+      the reason for tearing down the circuit. The spec says we didn't,
+      and now we actually don't. Reported by lodger.
+
   o Minor bugfixes (directory)
     - Count the number of authorities that recommend each version
       correctly.  Previously, we were under-counting by 1.
diff --git a/doc/TODO.012 b/doc/TODO.012
index b3b4c80bb7..eb6828cef0 100644
--- a/doc/TODO.012
+++ b/doc/TODO.012
@@ -16,7 +16,7 @@ Backport items for 0.1.2:
   o r10643: eventdns.c behavior fix for solaris.
   - r10730: Don't choose guards after any never-connected-to guard. (??)
   o r10760: fix possible buffer overrun in old BSD natd code
-  - r10790: Don't include reasons in destroy cells from the origin.
+  o r10790: Don't include reasons in destroy cells from the origin.
   - Some fix for bug 455.
 
 
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index ed02e4a17c..fedd4169b8 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -884,9 +884,9 @@ _circuit_mark_for_close(circuit_t *circ, int reason, int line,
                file, line, circ->purpose);
     }
     reason = END_CIRC_REASON_NONE;
-  } else if (CIRCUIT_IS_ORIGIN(circ) && reason < _END_CIRC_REASON_MIN) {
-    /* We don't send reasons when closing circuits at the origin, but we want
-     * to track them anyway so we can give them to the controller. */
+  }
+  if (CIRCUIT_IS_ORIGIN(circ)) {
+    /* We don't send reasons when closing circuits at the origin. */
     reason = END_CIRC_REASON_NONE;
   }