summaryrefslogtreecommitdiff
path: root/src/core
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2022-08-02 16:14:02 -0400
committerDavid Goulet <dgoulet@torproject.org>2022-08-02 16:14:02 -0400
commiteee35adf74066581f19ea687f4b5c2f0974676be (patch)
tree512c8af1a2f18749e9cd88f4f64391699d4fd73d /src/core
parent645eff49ac0c382c8eeb228b31cace885077e5ec (diff)
parent5cc6ab0c1e21e6c410f28fcbe67876277dab633d (diff)
downloadtor-eee35adf74066581f19ea687f4b5c2f0974676be.tar.gz
tor-eee35adf74066581f19ea687f4b5c2f0974676be.zip
Merge branch 'maint-0.4.6' into maint-0.4.7
Diffstat (limited to 'src/core')
-rw-r--r--src/core/or/command.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/core/or/command.c b/src/core/or/command.c
index 8ba573ef09..cad7a173b6 100644
--- a/src/core/or/command.c
+++ b/src/core/or/command.c
@@ -656,9 +656,11 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
if (!CIRCUIT_IS_ORIGIN(circ) &&
chan == TO_OR_CIRCUIT(circ)->p_chan &&
cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
- /* the destroy came from behind */
+ /* The destroy came from behind so nullify its p_chan. Close the circuit
+ * with a DESTROYED reason so we don't propagate along the path forward the
+ * reason which could be used as a side channel. */
circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL);
- circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
+ circuit_mark_for_close(circ, END_CIRC_REASON_DESTROYED);
} else { /* the destroy came from ahead */
circuit_set_n_circid_chan(circ, 0, NULL);
if (CIRCUIT_IS_ORIGIN(circ)) {
@@ -666,9 +668,10 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
} else {
/* Close the circuit so we stop queuing cells for it and propagate the
* DESTROY cell down the circuit so relays can stop queuing in-flight
- * cells for this circuit which helps with memory pressure. */
+ * cells for this circuit which helps with memory pressure. We do NOT
+ * propagate the remote reason so not to create a side channel. */
log_debug(LD_OR, "Received DESTROY cell from n_chan, closing circuit.");
- circuit_mark_for_close(circ, reason | END_CIRC_REASON_FLAG_REMOTE);
+ circuit_mark_for_close(circ, END_CIRC_REASON_DESTROYED);
}
}
}