diff options
| author | Nick Mathewson <nickm@torproject.org> | 2020-10-30 10:51:20 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-10-30 10:51:20 -0400 |
| commit | 148b5b03a365eae7d8e527d337f9df91d6350f9b (patch) | |
| tree | 43e6dbdf047ef963b0b2e06ea0a38635941cabf0 /src/core/or/circuitbuild.c | |
| parent | 54e6109499c2ba11ef9c99073bee449c61ebc080 (diff) | |
| parent | afb6ff17390cb13780c6e813ad0535048dbd9d3c (diff) | |
| download | tor-148b5b03a365eae7d8e527d337f9df91d6350f9b.tar.gz tor-148b5b03a365eae7d8e527d337f9df91d6350f9b.zip | |
Merge branch 'bug40080_035'
Diffstat (limited to 'src/core/or/circuitbuild.c')
| -rw-r--r-- | src/core/or/circuitbuild.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index a3a7a8cf58..af38014c69 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -654,21 +654,37 @@ circuit_n_chan_done(channel_t *chan, int status, int close_origin_circuits) circ->state != CIRCUIT_STATE_CHAN_WAIT) continue; - if (tor_digest_is_zero(circ->n_hop->identity_digest)) { + const char *rsa_ident = NULL; + const ed25519_public_key_t *ed_ident = NULL; + if (! tor_digest_is_zero(circ->n_hop->identity_digest)) { + rsa_ident = circ->n_hop->identity_digest; + } + if (! ed25519_public_key_is_zero(&circ->n_hop->ed_identity)) { + ed_ident = &circ->n_hop->ed_identity; + } + + if (rsa_ident == NULL && ed_ident == NULL) { /* Look at addr/port. This is an unkeyed connection. */ if (!channel_matches_extend_info(chan, circ->n_hop)) continue; } else { - /* We expected a key. See if it's the right one. */ - if (tor_memneq(chan->identity_digest, - circ->n_hop->identity_digest, DIGEST_LEN)) + /* We expected a key or keys. See if they matched. */ + if (!channel_remote_identity_matches(chan, rsa_ident, ed_ident)) continue; + + /* If the channel is canonical, great. If not, it needs to match + * the requested address exactly. */ + if (! chan->is_canonical && + ! channel_matches_extend_info(chan, circ->n_hop)) { + continue; + } } if (!status) { /* chan failed; close circ */ log_info(LD_CIRC,"Channel failed; closing circ."); circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED); continue; } + if (close_origin_circuits && CIRCUIT_IS_ORIGIN(circ)) { log_info(LD_CIRC,"Channel deprecated for origin circs; closing circ."); circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED); |