summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2012-07-01 17:36:35 -0400
committerRoger Dingledine <arma@torproject.org>2012-07-01 17:36:35 -0400
commitd13389b30ec2e17a8f08a00f82fac420ae968cd1 (patch)
treeb140bfebfe7427191ef166b76c7560f39340ce5f
parentc32ec9c425e9539bcc8ede95612e2d331c2cc2dd (diff)
downloadtor-d13389b30ec2e17a8f08a00f82fac420ae968cd1.tar.gz
tor-d13389b30ec2e17a8f08a00f82fac420ae968cd1.zip
Revert "Detect bug 6252 (unexpected sendme cell)"
This reverts commit c32ec9c425e9539bcc8ede95612e2d331c2cc2dd. It turns out the two sides of the circuit don't actually stay in sync, so it is perfectly normal for the circuit window on the exit relay to grow to 2000+. We should fix that bug and then reconsider this patch.
-rw-r--r--changes/bug62528
-rw-r--r--src/or/relay.c14
2 files changed, 0 insertions, 22 deletions
diff --git a/changes/bug6252 b/changes/bug6252
deleted file mode 100644
index 0d29203fab..0000000000
--- a/changes/bug6252
+++ /dev/null
@@ -1,8 +0,0 @@
- o Security fixes:
- - Tear down the circuit if we get an unexpected SENDME cell. Clients
- could use this trick to make their circuits receive cells faster
- than our flow control would have allowed, or to gum up the network,
- or possibly to do targeted memory denial-of-service attacks on
- entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
- from July 2002, before the release of Tor 0.0.0.
-
diff --git a/src/or/relay.c b/src/or/relay.c
index 4ab440384f..3f894bfe1f 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1265,25 +1265,11 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
case RELAY_COMMAND_SENDME:
if (!conn) {
if (layer_hint) {
- if (layer_hint->package_window + CIRCWINDOW_INCREMENT >
- CIRCWINDOW_START_MAX) {
- log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
- "Bug/attack: unexpected sendme cell from exit relay. "
- "Closing circ.");
- return -END_CIRC_REASON_TORPROTOCOL;
- }
layer_hint->package_window += CIRCWINDOW_INCREMENT;
log_debug(LD_APP,"circ-level sendme at origin, packagewindow %d.",
layer_hint->package_window);
circuit_resume_edge_reading(circ, layer_hint);
} else {
- if (circ->package_window + CIRCWINDOW_INCREMENT >
- CIRCWINDOW_START_MAX) {
- log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
- "Bug/attack: unexpected sendme cell from client. "
- "Closing circ.");
- return -END_CIRC_REASON_TORPROTOCOL;
- }
circ->package_window += CIRCWINDOW_INCREMENT;
log_debug(LD_APP,
"circ-level sendme at non-origin, packagewindow %d.",