authorteor <teor2345@gmail.com>2017-03-01 16:23:02 +1100
committerNick Mathewson <nickm@torproject.org>2017-05-02 19:17:56 -0400
commitf9af7e8bd01d4b7a70776a96c649a89cf1717dd1 (patch)
tree078668eb76ebfb84846a752633f4f6b5cc4c6f5b /src/or/channeltls.c
parent934003587305dcfb2cbc7f01e7248e3bd378317b (diff)
Accurately identify client connections by their lack of peer authentication
This means that we bail out earlier if asked to extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix on 0.2.4.23.
Diffstat (limited to 'src/or/channeltls.c')
-rw-r--r--src/or/channeltls.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index dbed95fb43..e7349139fc 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1654,6 +1654,10 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
tor_assert(tor_mem_is_zero(
(const char*)(chan->conn->handshake_state->
authenticated_ed25519_peer_id.pubkey), 32));
+ /* If the client never authenticated, it's a tor client or bridge
+ * relay, and we must not use it for EXTEND requests (nor could we, as
+ * there are no authenticated peer IDs) */
+ channel_mark_client(TLS_CHAN_TO_BASE(chan));
channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
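Review bot: The comment added above `channel_mark_client(TLS_CHAN_TO_BASE(chan));` gives the policy but not what enforces it: this call only sets a mark, and the code that refuses to extend over a marked channel is not in this hunk. Since the classification rests purely on the absence of authentication, any peer that skips authentication is treated as a client here, which looks intended but is worth saying outright. I would add a sentence to the comment such as `Any peer that skips authentication is marked here; the EXTEND path must check the mark before reusing the channel.` The branch condition that establishes "never authenticated" starts outside the hunk, so I am inferring it from the `tor_assert` on the zeroed Ed25519 peer ID just above.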