Fix obscure 64-bit big-endian hidserv bug

Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.

2 files changed, 6 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 3699dbc99d..1da6a97193 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,10 @@ Changes in version 0.2.1.20 - 2009-??-??
     - Fix an extremely rare infinite recursion bug that could occur if
       we tried to log a message after shutting down the log subsystem.
       Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
+    - Fix an obscure bug where hidden services on 64-bit big-endian
+      systems might mis-read the timestamp in v3 introduce cells, and
+      refuse to connect back to the client. Discovered by "rotor".
+      Bugfix on 0.2.1.6-alpha.
     - We were triggering a CLOCK_SKEW controller status event whenever
       we connect via the v2 connection protocol to any relay that has
       a wrong clock. Instead, we should only inform the controller when
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 7ba00993c4..3144ef2f04 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1011,13 +1011,12 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
     }
 
     /* Check timestamp. */
-    memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t));
+    ts = ntohl(get_uint32(buf+1+v3_shift));
     v3_shift += 4;
-    ts = ntohl((uint32_t)ts);
     if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
         (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
       log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
-          (now - ts) < 0 ? "old" : "new");
+               (now - ts) < 0 ? "old" : "new");
       return -1;
     }
   }