diff options
| -rw-r--r-- | changes/bug9072 | 3 | ||||
| -rw-r--r-- | src/or/relay.c | 11 |
2 files changed, 14 insertions, 0 deletions
diff --git a/changes/bug9072 b/changes/bug9072 new file mode 100644 index 0000000000..e594a38335 --- /dev/null +++ b/changes/bug9072 @@ -0,0 +1,3 @@ + o Critical bugfixes: + - Disable middle relay queue overfill detection code due to possible + guard discovery attack, pending further analysis. Fixes bug #9072. diff --git a/src/or/relay.c b/src/or/relay.c index 58ca4e957c..38776bcd9a 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -58,7 +58,9 @@ static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ, entry_connection_t *conn, node_t *node, const tor_addr_t *addr); +#if 0 static int get_max_middle_cells(void); +#endif /** Stop reading on edge connections when we have this many cells * waiting on the appropriate queue. */ @@ -2473,6 +2475,7 @@ channel_flush_from_first_active_circuit(channel_t *chan, int max) return n_flushed; } +#if 0 /** Indicate the current preferred cap for middle circuits; zero disables * the cap. Right now it's just a constant, ORCIRC_MAX_MIDDLE_CELLS, but * the logic in append_cell_to_circuit_queue() is written to be correct @@ -2484,6 +2487,7 @@ get_max_middle_cells(void) { return ORCIRC_MAX_MIDDLE_CELLS; } +#endif /** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b> * transmitting in <b>direction</b>. */ @@ -2495,7 +2499,9 @@ append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, or_circuit_t *orcirc = NULL; cell_queue_t *queue; int streams_blocked; +#if 0 uint32_t tgt_max_middle_cells, p_len, n_len, tmp, hard_max_middle_cells; +#endif if (circ->marked_for_close) return; @@ -2509,6 +2515,10 @@ append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, streams_blocked = circ->streams_blocked_on_p_chan; } + /* + * Disabling this for now because of a possible guard discovery attack + */ +#if 0 /* Are we a middle circuit about to exceed ORCIRC_MAX_MIDDLE_CELLS? */ if ((circ->n_chan != NULL) && CIRCUIT_IS_ORCIRC(circ)) { orcirc = TO_OR_CIRCUIT(circ); @@ -2585,6 +2595,7 @@ append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, } } } +#endif cell_queue_append_packed_copy(queue, cell, chan->wide_circ_ids, 1); |