diff options
| author | teor <teor@torproject.org> | 2020-03-18 18:07:14 +1000 |
|---|---|---|
| committer | teor <teor@torproject.org> | 2020-04-09 10:59:51 +1000 |
| commit | c9b674d5110278f98c48f7e36653141bd39416dd (patch) | |
| tree | 44ce9f59f8816077399854f66409dcb93df8e540 /src/feature/relay | |
| parent | f863954f1e4d52fa6b73521e878a7140fe06c257 (diff) | |
| download | tor-c9b674d5110278f98c48f7e36653141bd39416dd.tar.gz tor-c9b674d5110278f98c48f7e36653141bd39416dd.zip | |
relay: Protocol warn when a client gets an extend
circuit_extend() may be called when a client receives an extend cell,
even if the relay module is disabled.
Log a protocol warning when the relay module is disabled.
Part of 33633.
Diffstat (limited to 'src/feature/relay')
| -rw-r--r-- | src/feature/relay/circuitbuild_relay.c | 18 | ||||
| -rw-r--r-- | src/feature/relay/circuitbuild_relay.h | 13 |
2 files changed, 19 insertions, 12 deletions
diff --git a/src/feature/relay/circuitbuild_relay.c b/src/feature/relay/circuitbuild_relay.c index f167d0a8e4..9da89953fb 100644 --- a/src/feature/relay/circuitbuild_relay.c +++ b/src/feature/relay/circuitbuild_relay.c @@ -39,11 +39,8 @@ #include "feature/relay/routermode.h" #include "feature/relay/selftest.h" -/** Take the 'extend' <b>cell</b>, pull out addr/port plus the onion - * skin and identity digest for the next hop. If we're already connected, - * pass the onion skin to the next hop using a create cell; otherwise - * launch a new OR connection, and <b>circ</b> will notice when the - * connection succeeds or fails. +/* Before replying to an extend cell, check the state of the circuit + * <b>circ</b>, and the configured tor mode. * * Return -1 if we want to warn and tear down the circuit, else return 0. */ @@ -56,6 +53,11 @@ circuit_extend(struct cell_t *cell, struct circuit_t *circ) const char *msg = NULL; int should_launch = 0; + if (!server_mode(get_options())) { + circuitbuild_warn_client_extend(); + return -1; + } + if (circ->n_chan) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "n_chan already set. Bug/attack. Closing."); @@ -67,12 +69,6 @@ circuit_extend(struct cell_t *cell, struct circuit_t *circ) return -1; } - if (!server_mode(get_options())) { - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Got an extend cell, but running as a client. Closing."); - return -1; - } - relay_header_unpack(&rh, cell->payload); if (extend_cell_parse(&ec, rh.command, diff --git a/src/feature/relay/circuitbuild_relay.h b/src/feature/relay/circuitbuild_relay.h index decc28d3a8..890b40dc20 100644 --- a/src/feature/relay/circuitbuild_relay.h +++ b/src/feature/relay/circuitbuild_relay.h @@ -13,6 +13,9 @@ #define TOR_FEATURE_RELAY_CIRCUITBUILD_RELAY_H #include "lib/cc/torint.h" +#include "lib/log/log.h" + +#include "app/config/config.h" struct cell_t; struct created_cell_t; @@ -20,6 +23,14 @@ struct created_cell_t; struct circuit_t; struct or_circuit_t; +/* Log a protocol warning about getting an extend cell on a client. */ +static inline void +circuitbuild_warn_client_extend(void) +{ + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Got an extend cell, but running as a client. Closing."); +} + #ifdef HAVE_MODULE_RELAY int circuit_extend(struct cell_t *cell, struct circuit_t *circ); @@ -36,7 +47,7 @@ circuit_extend(struct cell_t *cell, struct circuit_t *circ) { (void)cell; (void)circ; - tor_assert_nonfatal_unreached(); + circuitbuild_warn_client_extend(); return -1; } |