diff options
author | Robert Ransom <rransom.8774@gmail.com> | 2011-10-29 17:02:53 -0700 |
---|---|---|
committer | Robert Ransom <rransom.8774@gmail.com> | 2011-10-30 04:46:58 -0700 |
commit | 1a52a947c557ac04ee96addff404dc50cf5c26eb (patch) | |
tree | 85947e0f40044d2a6872bfde162b05c70e8e454a /src/or/rendservice.c | |
parent | 1eba4f0cc370f576537edc3461899b87e71ea107 (diff) | |
download | tor-1a52a947c557ac04ee96addff404dc50cf5c26eb.tar.gz tor-1a52a947c557ac04ee96addff404dc50cf5c26eb.zip |
Move the real INTRODUCE2 replay-detection cache into rend_intro_point_t
Diffstat (limited to 'src/or/rendservice.c')
-rw-r--r-- | src/or/rendservice.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index ee34edfa6e..413d4f670a 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1005,14 +1005,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, if (!service->accepted_intros) service->accepted_intros = digestmap_new(); + if (!intro_point->accepted_intros) + intro_point->accepted_intros = digestmap_new(); + { char pkpart_digest[DIGEST_LEN]; - /* Check for replay of PK-encrypted portion. It is slightly naughty to - use the same digestmap to check for this and for g^x replays, but - collisions are tremendously unlikely. - */ + /* Check for replay of PK-encrypted portion. */ crypto_digest(pkpart_digest, (char*)request+DIGEST_LEN, keylen); - access_time = digestmap_get(service->accepted_intros, pkpart_digest); + access_time = digestmap_get(intro_point->accepted_intros, pkpart_digest); if (access_time != NULL) { log_warn(LD_REND, "Possible replay detected! We received an " "INTRODUCE2 cell with same PK-encrypted part %d seconds ago. " @@ -1021,14 +1021,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, } access_time = tor_malloc(sizeof(time_t)); *access_time = now; - digestmap_set(service->accepted_intros, pkpart_digest, access_time); - } - - /* Record that we've received another INTRODUCE2 cell through this - * intro point. */ - ++(intro_point->introduction_count); - if (intro_point->introduction_count == 0) { - --(intro_point->introduction_count); + digestmap_set(intro_point->accepted_intros, pkpart_digest, access_time); } /* Next N bytes is encrypted with service key */ @@ -1935,7 +1928,8 @@ intro_point_should_expire_now(rend_intro_point_t *intro, return 1; } - if (intro->introduction_count >= INTRO_POINT_LIFETIME_INTRODUCTIONS) { + if (digestmap_size(intro->accepted_intros) >= + INTRO_POINT_LIFETIME_INTRODUCTIONS) { /* This intro point has been used too many times. Expire it now. */ return 1; } |