diff options
| author | Robert Ransom <rransom.8774@gmail.com> | 2011-06-13 16:12:47 -0700 |
|---|---|---|
| committer | Robert Ransom <rransom.8774@gmail.com> | 2011-06-14 21:32:49 -0700 |
| commit | 44eafa9697b0adebfa5e18579adcf70cd6d9c935 (patch) | |
| tree | 50f9567843657ee2cf7c04381bcfa4bffee7f378 /src | |
| parent | ecc9a364c2ff8557f808dc1826e285239a5767a8 (diff) | |
| download | tor-44eafa9697b0adebfa5e18579adcf70cd6d9c935.tar.gz tor-44eafa9697b0adebfa5e18579adcf70cd6d9c935.zip | |
Assert that HS operations are not performed using single-hop circuits
(with fixes by Nick Mathewson to unbreak the build)
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/directory.c | 17 | ||||
| -rw-r--r-- | src/or/rendclient.c | 4 | ||||
| -rw-r--r-- | src/or/rendservice.c | 3 |
3 files changed, 24 insertions, 0 deletions
diff --git a/src/or/directory.c b/src/or/directory.c index e7a2a4b834..70eb1f2af3 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -858,6 +858,20 @@ directory_initiate_command(const char *address, const tor_addr_t *_addr, if_modified_since, NULL); } +/** Return non-zero iff a directory connection with purpose + * <b>dir_purpose</b> reveals sensitive information about a Tor + * instance's client activities. (Such connections must be performed + * through normal three-hop Tor circuits.) */ +static int +is_sensitive_dir_purpose(uint8_t dir_purpose) +{ + return ((dir_purpose == DIR_PURPOSE_FETCH_RENDDESC) || + (dir_purpose == DIR_PURPOSE_HAS_FETCHED_RENDDESC) || + (dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC) || + (dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2) || + (dir_purpose == DIR_PURPOSE_FETCH_RENDDESC_V2)); +} + /** Same as directory_initiate_command(), but accepts rendezvous data to * fetch a hidden service descriptor. */ static void @@ -892,6 +906,9 @@ directory_initiate_command_rend(const char *address, const tor_addr_t *_addr, log_debug(LD_DIR, "Initiating %s", dir_conn_purpose_to_string(dir_purpose)); + tor_assert(!(is_sensitive_dir_purpose(dir_purpose) && + !anonymized_connection)); + /* ensure that we don't make direct connections when a SOCKS server is * configured. */ if (!anonymized_connection && !use_begindir && !options->HTTPProxy && diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 3e9c6e8e55..36930fea02 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -145,6 +145,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc, tor_assert(rendcirc->rend_data); tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address, rendcirc->rend_data->onion_address)); + tor_assert(!(introcirc->build_state->onehop_tunnel)); + tor_assert(!(rendcirc->build_state->onehop_tunnel)); if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1, &entry) < 1) { @@ -335,6 +337,7 @@ rend_client_introduction_acked(origin_circuit_t *circ, } tor_assert(circ->build_state->chosen_exit); + tor_assert(!(circ->build_state->onehop_tunnel)); tor_assert(circ->rend_data); if (request_len == 0) { @@ -346,6 +349,7 @@ rend_client_introduction_acked(origin_circuit_t *circ, rendcirc = circuit_get_by_rend_query_and_purpose( circ->rend_data->onion_address, CIRCUIT_PURPOSE_C_REND_READY); if (rendcirc) { /* remember the ack */ + tor_assert(!(rendcirc->build_state->onehop_tunnel)); rendcirc->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED; /* Set timestamp_dirty, because circuit_expire_building expects * it to specify when a circuit entered the diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 79abc57ee1..80fa35713a 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -905,6 +905,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, time_t *access_time; or_options_t *options = get_options(); + tor_assert(!(circuit->build_state->onehop_tunnel)); tor_assert(circuit->rend_data); base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, @@ -1359,6 +1360,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) crypto_pk_env_t *intro_key; tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO); + tor_assert(!(circuit->build_state->onehop_tunnel)); tor_assert(circuit->cpath); tor_assert(circuit->rend_data); @@ -1501,6 +1503,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit) tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND); tor_assert(circuit->cpath); tor_assert(circuit->build_state); + tor_assert(!(circuit->build_state->onehop_tunnel)); tor_assert(circuit->rend_data); hop = circuit->build_state->pending_final_cpath; tor_assert(hop); |