aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-10-19 03:06:15 -0400
committerNick Mathewson <nickm@torproject.org>2012-10-19 03:06:15 -0400
commit0dac0d8ad68f17fa1803ebd82e402e5181e0532a (patch)
tree7eba47da137b28e8682b7441547843359fa5aaa3
parent9f1b1ef4fbc67b2d3f6e2f9b2dd4d8cd44dc49b7 (diff)
parentb6931b010512d3d8cbda24c87a8cf379305e1457 (diff)
downloadtor-0dac0d8ad68f17fa1803ebd82e402e5181e0532a.tar.gz
tor-0dac0d8ad68f17fa1803ebd82e402e5181e0532a.zip
Merge remote-tracking branch 'origin/maint-0.2.3'
Diffstat
-rw-r--r--changes/dirserv-BUGGY-a7
-rw-r--r--src/or/directory.c2
2 files changed, 9 insertions, 0 deletions
diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
new file mode 100644
index 0000000000..35b492a2d7
--- /dev/null
+++ b/changes/dirserv-BUGGY-a
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+
+ - Don't serve or accept v2 hidden service descriptors over a
+ relay's DirPort. It's never correct to do so, and disabling it
+ might make it more annoying to exploit any bugs that turn up in the
+ descriptor-parsing code. Fixes bug 7149.
+
diff --git a/src/or/directory.c b/src/or/directory.c
index 2f70d1100d..26f9acc0e2 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -3168,6 +3168,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
}
if (options->HidServDirectoryV2 &&
+ connection_dir_is_encrypted(conn) &&
!strcmpstart(url,"/tor/rendezvous2/")) {
/* Handle v2 rendezvous descriptor fetch request. */
const char *descp;
@@ -3354,6 +3355,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
/* Handle v2 rendezvous service publish request. */
if (options->HidServDirectoryV2 &&
+ connection_dir_is_encrypted(conn) &&
!strcmpstart(url,"/tor/rendezvous2/publish")) {
switch (rend_cache_store_v2_desc_as_dir(body)) {
case -2:
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion