rend_service_introduce(): do protocol violation check before anything else.

(Cherry-picked from 6ba13e4 by nickm)

2 files changed, 12 insertions, 7 deletions

diff --git a/changes/bug5644 b/changes/bug5644
new file mode 100644
index 0000000000..a390eba996
--- /dev/null
+++ b/changes/bug5644
@@ -0,0 +1,5 @@
+  o Major bugfixes
+    - Prevent a client-side assertion failure when receiving an
+      INTRODUCE2 cell by an exit relay, in a general purpose
+      circuit. Fixes bug 5644; bugfix on tor-0.2.1.6-alpha
+
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index bb3aacd924..a1daa8a550 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -909,13 +909,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   time_t *access_time;
   or_options_t *options = get_options();
 
-  tor_assert(circuit->rend_data);
-
-  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
-                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
-  log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %d.",
-           escaped(serviceid), circuit->_base.n_circ_id);
-
   if (circuit->_base.purpose != CIRCUIT_PURPOSE_S_INTRO) {
     log_warn(LD_PROTOCOL,
              "Got an INTRODUCE2 over a non-introduction circuit %d.",
@@ -923,6 +916,13 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
     return -1;
   }
 
+  tor_assert(circuit->rend_data);
+
+  base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
+                circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN);
+  log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %d.",
+           escaped(serviceid), circuit->_base.n_circ_id);
+
   /* min key length plus digest length plus nickname length */
   if (request_len < DIGEST_LEN+REND_COOKIE_LEN+(MAX_NICKNAME_LEN+1)+
       DH_KEY_LEN+42) {