Patch from lark: drop BEGIN cells from a rendevous circuit if they do not originate from the end of the circuit.

svn:r18667

2 files changed, 9 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index ffb4a1030e..31a87219b3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,8 @@ Changes in version 0.2.1.13-????? - 2009-02-??
       stream never finished making its connection, it would live
       forever in circuit_wait state. Now we close it after SocksTimeout
       seconds. Bugfix on 0.1.2.7-alpha; reported by Mike Perry.
+    - Drop begin cells to a hidden service if they come from the middle of a
+      circuit.  Patch from lark.
 
   o Minor features:
     - On Linux, use the prctl call to re-enable core dumps when the user
diff --git a/src/or/relay.c b/src/or/relay.c
index 0c607f04f7..a6a8fef707 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1019,6 +1019,13 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
                "Relay begin request unsupported at AP. Dropping.");
         return 0;
       }
+      if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED &&
+          layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
+        log_fn(LOG_PROTOCOL_WARN, LD_APP,
+               "Relay begin request to Hidden Service "
+               "from intermediary node. Dropping.");
+        return 0;
+      }
       if (conn) {
         log_fn(LOG_PROTOCOL_WARN, domain,
                "Begin cell for known stream. Dropping.");