diff options
-rw-r--r-- | changes/bug5645 | 5 | ||||
-rw-r--r-- | src/or/rendmid.c | 13 |
2 files changed, 11 insertions, 7 deletions
diff --git a/changes/bug5645 b/changes/bug5645 new file mode 100644 index 0000000000..0abd3b1a21 --- /dev/null +++ b/changes/bug5645 @@ -0,0 +1,5 @@ + o Code refactoring: + - Defensively refactor rend_mid_rendezvous() so that protocol + violations and length checks happen in the beginning. Fixes bug + 5645. + diff --git a/src/or/rendmid.c b/src/or/rendmid.c index 2742c351b3..894bbb3c54 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -276,13 +276,6 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, or_circuit_t *rend_circ; char hexid[9]; int reason = END_CIRC_REASON_INTERNAL; - base16_encode(hexid,9,(char*)request,request_len<4?request_len:4); - - if (request_len>=4) { - log_info(LD_REND, - "Got request for rendezvous from circuit %d to cookie %s.", - circ->p_circ_id, hexid); - } if (circ->_base.purpose != CIRCUIT_PURPOSE_OR || circ->_base.n_conn) { log_info(LD_REND, @@ -300,6 +293,12 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, goto err; } + base16_encode(hexid, sizeof(hexid), (const char*)request, 4); + + log_info(LD_REND, + "Got request for rendezvous from circuit %d to cookie %s.", + circ->p_circ_id, hexid); + rend_circ = circuit_get_rendezvous((char*)request); if (!rend_circ) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, |