summaryrefslogtreecommitdiff
path: root/src/or/command.c
diff options
context:
space:
mode:
authorteor <teor2345@gmail.com>2017-03-01 16:23:02 +1100
committerNick Mathewson <nickm@torproject.org>2017-05-02 19:17:56 -0400
commitf9af7e8bd01d4b7a70776a96c649a89cf1717dd1 (patch)
tree078668eb76ebfb84846a752633f4f6b5cc4c6f5b /src/or/command.c
parent934003587305dcfb2cbc7f01e7248e3bd378317b (diff)
downloadtor-f9af7e8bd01d4b7a70776a96c649a89cf1717dd1.tar.gz
tor-f9af7e8bd01d4b7a70776a96c649a89cf1717dd1.zip
Accurately identify client connections by their lack of peer authentication
This means that we bail out earlier if asked to extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix on 0.2.4.23.
Diffstat (limited to 'src/or/command.c')
-rw-r--r--src/or/command.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/or/command.c b/src/or/command.c
index 5866c386e4..4d3830f404 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -344,8 +344,14 @@ command_process_create_cell(cell_t *cell, channel_t *chan)
int len;
created_cell_t created_cell;
- /* Make sure we never try to use the OR connection on which we
- * received this cell to satisfy an EXTEND request, */
+ /* If the client used CREATE_FAST, it's probably a tor client or bridge
+ * relay, and we must not use it for EXTEND requests (in most cases, we
+ * won't have an authenticated peer ID for the extend).
+ * Public relays on 0.2.9 and later will use CREATE_FAST if they have no
+ * ntor onion key for this relay, but that should be a rare occurrence.
+ * Clients on 0.3.1 and later avoid using CREATE_FAST as much as they can,
+ * even during bootstrap, so the CREATE_FAST check is most accurate for
+ * earlier tor client versions. */
channel_mark_client(chan);
memset(&created_cell, 0, sizeof(created_cell));