diff options
| -rw-r--r-- | src/or/command.c | 36 | ||||
| -rw-r--r-- | src/or/connection_or.c | 17 |
2 files changed, 41 insertions, 12 deletions
diff --git a/src/or/command.c b/src/or/command.c index 7efd18fcec..8cf6c46401 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -149,10 +149,15 @@ command_process_cell(cell_t *cell, or_connection_t *conn) #endif /* Reject all but VERSIONS and NETINFO when handshaking. */ + /* (VERSIONS should actually be impossible; it's variable-length.) */ if (handshaking && cell->command != CELL_VERSIONS && - cell->command != CELL_NETINFO) + cell->command != CELL_NETINFO) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received unexpected cell command %d in state %s; ignoring it.", + (int)cell->command, + conn_state_to_string(CONN_TYPE_OR,conn->_base.state)); return; - /* XXXX VERSIONS should be impossible; it's variable-length. */ + } if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3) or_handshake_state_record_cell(conn->handshake_state, cell, 1); @@ -239,18 +244,37 @@ command_process_var_cell(var_cell_t *cell, or_connection_t *conn) /* fall through */ case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING: - if (cell->command != CELL_VERSIONS) - return; /*XXXX023 log*/ + if (cell->command != CELL_VERSIONS) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received a non-VERSIONS cell with command %d in state %s; " + "ignoring it.", + (int)cell->command, + conn_state_to_string(CONN_TYPE_OR,conn->_base.state)); + return; + } break; case OR_CONN_STATE_OR_HANDSHAKING_V3: if (cell->command != CELL_AUTHENTICATE) or_handshake_state_record_var_cell(conn->handshake_state, cell, 1); break; /* Everything is allowed */ case OR_CONN_STATE_OPEN: - if (conn->link_proto < 3) + if (conn->link_proto < 3) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received a variable-length cell with command %d in state %s " + "with link protocol %d; ignoring it.", + (int)cell->command, + conn_state_to_string(CONN_TYPE_OR,conn->_base.state), + (int)conn->link_proto); return; + } + break; default: - /*XXXX023 log */ + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received var-length cell with command %d in unexpected state " + "%s [%d]; ignoring it.", + (int)cell->command, + conn_state_to_string(CONN_TYPE_OR,conn->_base.state), + (int)conn->_base.state); return; } diff --git a/src/or/connection_or.c b/src/or/connection_or.c index a5b965b8d1..b4c1fd0e62 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2176,15 +2176,20 @@ connection_or_send_authenticate_cell(or_connection_t *conn, int authtype) int cell_maxlen; /* XXXX make sure we're actually supposed to send this! */ - if (!pk) - return -1;/*XXXX log*/ - if (authtype != AUTHTYPE_RSA_SHA256_TLSSECRET) - return -1;/*XXXX log*/ + if (!pk) { + log_warn(LD_BUG, "Unable to compute authenticate cell: no client auth key"); + return -1; + } + if (authtype != AUTHTYPE_RSA_SHA256_TLSSECRET) { + log_warn(LD_BUG, "Tried to send authenticate cell with unknown " + "authentication type %d", authtype); + return -1; + } cell_maxlen = 4 + /* overhead */ V3_AUTH_BODY_LEN + /* Authentication body */ crypto_pk_keysize(pk) + /* Max signature length */ - 16 /* just in case XXXX */ ; + 16 /* add a few extra bytes just in case. */; cell = var_cell_new(cell_maxlen); cell->command = CELL_AUTHENTICATE; @@ -2197,7 +2202,7 @@ connection_or_send_authenticate_cell(or_connection_t *conn, int authtype) pk, 0 /* not server */); if (authlen < 0) { - /* XXXX log */ + log_warn(LD_BUG, "Unable to compute authenticate cell!"); var_cell_free(cell); return -1; } |