diff options
| author | Nick Mathewson <nickm@torproject.org> | 2019-07-23 14:03:30 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2019-07-23 14:03:30 -0400 |
| commit | ab1f82ea2a3ef9f9bc920885e40e7b477b3dfb93 (patch) | |
| tree | c9cbba1e74e9450621ec6c4db32988f33e2339a1 | |
| parent | ab1f39322c22c3801ffd3a7e6842352230fff113 (diff) | |
| parent | df12ff3deaa7ad4a5eb2098f4ed9d12ee4084d6d (diff) | |
| download | tor-ab1f82ea2a3ef9f9bc920885e40e7b477b3dfb93.tar.gz tor-ab1f82ea2a3ef9f9bc920885e40e7b477b3dfb93.zip | |
Merge branch 'ticket24963_042_02'
| -rw-r--r-- | changes/ticket24963 | 5 | ||||
| -rw-r--r-- | src/feature/hs/hs_intropoint.c | 9 | ||||
| -rw-r--r-- | src/test/test_hs_intropoint.c | 13 |
3 files changed, 26 insertions, 1 deletions
diff --git a/changes/ticket24963 b/changes/ticket24963 new file mode 100644 index 0000000000..50adcfaaf4 --- /dev/null +++ b/changes/ticket24963 @@ -0,0 +1,5 @@ + o Minor feature (onion service): + - Disallow single hop clients to introduce directly at the introduction + point. We've removed Tor2web a while back and rendezvous are blocked at + the relays. This is to remove load off the network from spammy clients. + Close ticket 24963. diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index 9333060e7e..6383d3ed22 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -10,6 +10,7 @@ #include "core/or/or.h" #include "app/config/config.h" +#include "core/or/channel.h" #include "core/or/circuitlist.h" #include "core/or/circuituse.h" #include "core/or/relay.h" @@ -546,6 +547,14 @@ circuit_is_suitable_for_introduce1(const or_circuit_t *circ) return 0; } + /* Disallow single hop client circuit. */ + if (circ->p_chan && channel_is_client(circ->p_chan)) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Single hop client was rejected while trying to introduce. " + "Closing circuit."); + return 0; + } + return 1; } diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c index 732836fb5b..0cdb1fef27 100644 --- a/src/test/test_hs_intropoint.c +++ b/src/test/test_hs_intropoint.c @@ -16,6 +16,7 @@ #include "lib/crypt_ops/crypto_rand.h" #include "core/or/or.h" +#include "core/or/channel.h" #include "core/or/circuitlist.h" #include "core/or/circuituse.h" #include "ht.h" @@ -693,6 +694,17 @@ test_introduce1_suitable_circuit(void *arg) tt_int_op(ret, OP_EQ, 0); } + /* Single hop circuit should not be allowed. */ + { + circ = or_circuit_new(0, NULL); + circ->p_chan = tor_malloc_zero(sizeof(channel_t)); + circ->p_chan->is_client = 1; + ret = circuit_is_suitable_for_introduce1(circ); + tor_free(circ->p_chan); + circuit_free_(TO_CIRCUIT(circ)); + tt_int_op(ret, OP_EQ, 0); + } + done: ; } @@ -927,4 +939,3 @@ struct testcase_t hs_intropoint_tests[] = { END_OF_TESTCASES }; - |