diff options
author | Nick Mathewson <nickm@torproject.org> | 2012-08-15 13:16:41 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-08-15 13:16:41 -0400 |
commit | cdd882ee71fb2966854fe271d9896b7bf389b35c (patch) | |
tree | 837a01b666738c9794dd00541488a812b5ae0c03 | |
parent | c9d3e09cf8d7fb5e2ed1e9f7bb5e37a1a1319792 (diff) | |
download | tor-cdd882ee71fb2966854fe271d9896b7bf389b35c.tar.gz tor-cdd882ee71fb2966854fe271d9896b7bf389b35c.zip |
Check for stream_id, not conn, on extend cells.
Extend cells aren't allowed to have a stream_id, but we were only
blocking them when they had a stream_id that corresponded to a
connection. As far as I can tell, this change is harmless: it will
make some kinds of broken clients not work any more, but afaik nobody
actually make a client that was broken in that way.
Found while hunting for other places where we made the same mistake
as in 6271.
Bugfix on d7f50337c14c back from May 2003, which introduced
telescoping circuit construction into 0.0.2pre8.
-rw-r--r-- | changes/bug6271-related | 6 | ||||
-rw-r--r-- | src/or/relay.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/changes/bug6271-related b/changes/bug6271-related new file mode 100644 index 0000000000..78e53c8887 --- /dev/null +++ b/changes/bug6271-related @@ -0,0 +1,6 @@ + o Minor bugfixes (spec conformance): + - Reject EXTEND cells sent to nonexistent streams. According to the + spec, an EXTEND cell sent to _any_ nonzero stream ID is invalid, but + we were only checking for stream IDs that were currenty in use. + Found while hunting for more instances of bug 6271. Bugfix on + 0.0.2pre8, which introduced incremental circuit construction. diff --git a/src/or/relay.c b/src/or/relay.c index 33735dea2a..a866d2d4ea 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1175,7 +1175,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, case RELAY_COMMAND_EXTEND: { static uint64_t total_n_extend=0, total_nonearly=0; total_n_extend++; - if (conn) { + if (rh.stream_id) { log_fn(LOG_PROTOCOL_WARN, domain, "'extend' cell received for non-zero stream. Dropping."); return 0; |