authorNick Mathewson <nickm@torproject.org>2011-09-11 16:25:14 -0400
committerNick Mathewson <nickm@torproject.org>2011-09-11 16:25:14 -0400
commit386966142ecebc23e78e57ae26323aee33d410f9 (patch)
tree7850b22438a98a546cd8556bf58f64e38bf6a017
parentcca806c56c4b14462a610eaa835db8d081d27c14 (diff)
parent8ea6d29fe468dc91d1c7dfc45ad5b4196e89ebdd (diff)
Merge remote-tracking branch 'origin/maint-0.2.2'
-rw-r--r--changes/bug24428
-rw-r--r--changes/bug2442b8
-rw-r--r--src/or/or.h7
-rw-r--r--src/or/rendservice.c13
4 files changed, 32 insertions, 4 deletions
diff --git a/changes/bug2442 b/changes/bug2442
new file mode 100644
index 0000000000..cbcc22bb80
--- /dev/null
+++ b/changes/bug2442
@@ -0,0 +1,8 @@
+ * Minor bugfixes:
+
+ - Demote the 'replay detected' log message emitted when a hidden
+ service receives the same Diffie-Hellman public key in two
+ different INTRODUCE2 cells to info level. A normal Tor client
+ can cause that log message during its normal operation. Bugfix
+ on 0.2.1.6-alpha; fixes part of bug 2442.
+
diff --git a/changes/bug2442b b/changes/bug2442b
new file mode 100644
index 0000000000..02e1636e91
--- /dev/null
+++ b/changes/bug2442b
@@ -0,0 +1,8 @@
+ * Minor bugfixes:
+
+ - Demote the 'INTRODUCE2 cell is too {old,new}' log message to
+ info level. There is nothing that a hidden service's operator
+ can do to fix its clients' clocks. Bugfix on 0.2.1.6-alpha;
+ fixes part of bug 2442.
+
+
diff --git a/src/or/or.h b/src/or/or.h
index bf404df7e2..268e62fd8c 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3898,14 +3898,17 @@ typedef struct rend_encoded_v2_service_descriptor_t {
char *desc_str; /**< Descriptor string. */
} rend_encoded_v2_service_descriptor_t;
-/** Introduction point information. */
+/** Introduction point information. Used both in rend_service_t (on
+ * the service side) and in rend_service_descriptor_t (on both the
+ * client and service side). */
typedef struct rend_intro_point_t {
extend_info_t *extend_info; /**< Extend info of this introduction point. */
crypto_pk_env_t *intro_key; /**< Introduction key that replaces the service
* key, if this descriptor is V2. */
} rend_intro_point_t;
-/** Information used to connect to a hidden service. */
+/** Information used to connect to a hidden service. Used on both the
+ * service side and the client side. */
typedef struct rend_service_descriptor_t {
crypto_pk_env_t *pk; /**< This service's public key. */
int version; /**< Version of the descriptor format: 0 or 2. */
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 13bf5ad450..440359a321 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1021,7 +1021,9 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
v3_shift += 4;
if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
(now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
- log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
+ /* This is far more likely to mean that a client's clock is
+ * skewed than that a replay attack is in progress. */
+ log_info(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
(now - ts) < 0 ? "old" : "new");
return -1;
}
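Review bot: The old/new label in the demoted message looks inverted: `(now - ts) < 0` means the cell's timestamp is ahead of the service's clock, yet that case prints "old". The new comment frames this message as a clock-skew diagnostic, so the direction matters to whoever reads the log; I would swap the arms, `(now - ts) < 0 ? "new" : "old");`. The declarations of `now` and `ts` are outside the hunk, so this assumes both are signed time values and that `ts` is the timestamp carried in the cell.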
@@ -1125,7 +1127,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
* part 1. */
access_time = digestmap_get(service->accepted_intros, diffie_hellman_hash);
if (access_time != NULL) {
- log_warn(LD_REND, "Possible replay detected! We received an "
+ /* A Tor client will send a new INTRODUCE1 cell with the same rend
+ * cookie and DH public key as its previous one if its intro circ
+ * times out while in state CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT .
+ * If we received the first INTRODUCE1 cell (the intro-point relay
+ * converts it into an INTRODUCE2 cell), we are already trying to
+ * connect to that rend point (and may have already succeeded);
+ * drop this cell. */
+ log_info(LD_REND, "We received an "
"INTRODUCE2 cell with same first part of "
"Diffie-Hellman handshake %d seconds ago. Dropping "
"cell.",
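Review bot: The new comment documents only the benign retransmission, which can read as if this branch were no longer replay protection; a replayed cell carrying a previously seen DH value still matches `service->accepted_intros` here and cannot be told apart from a client retry. I would end the comment with a sentence such as `A real replay takes this same path and is dropped the same way; only the log severity changed.` With the message at info level, a replay attempt shows up only when info logging is enabled for LD_REND, so the comment is the one place a maintainer learns the check is still load-bearing. The `%d` argument and the return that actually drops the cell fall outside the hunk.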