3 files changed, 48 insertions, 1 deletions
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 8865bb5fb5..2674e2c1e7 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -538,3 +538,45 @@ hs_client_circuit_has_opened(origin_circuit_t *circ)
   }
 }
 
+/* Called when we receive a RENDEZVOUS_ESTABLISHED cell. Change the state of
+ * the circuit to CIRCUIT_PURPOSE_C_REND_READY. Return 0 on success else a
+ * negative value and the circuit marked for close. */
+int
+hs_client_receive_rendezvous_acked(origin_circuit_t *circ,
+                                   const uint8_t *payload, size_t payload_len)
+{
+  tor_assert(circ);
+  tor_assert(payload);
+
+  (void) payload_len;
+
+  if (TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
+    log_warn(LD_PROTOCOL, "Got a RENDEZVOUS_ESTABLISHED but we were not "
+                          "expecting one. Closing circuit.");
+    goto err;
+  }
+
+  log_info(LD_REND, "Received an RENDEZVOUS_ESTABLISHED. This circuit is "
+                    "now ready for rendezvous.");
+  circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_REND_READY);
+
+  /* Set timestamp_dirty, because circuit_expire_building expects it to
+   * specify when a circuit entered the _C_REND_READY state. */
+  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
+
+  /* From a path bias point of view, this circuit is now successfully used.
+   * Waiting any longer opens us up to attacks from malicious hidden services.
+   * They could induce the client to attempt to connect to their hidden
+   * service and never reply to the client's rend requests */
+  pathbias_mark_use_success(circ);
+
+  /* If we already have the introduction circuit built, make sure we send
+   * the INTRODUCE cell _now_ */
+  connection_ap_attach_pending(1);
+
+  return 0;
+ err:
+  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
+  return -1;
+}
+
diff --git a/src/or/hs_client.h b/src/or/hs_client.h
index a716fc02e4..0f82a830f4 100644
--- a/src/or/hs_client.h
+++ b/src/or/hs_client.h
@@ -27,5 +27,9 @@ int hs_client_send_introduce1(origin_circuit_t *intro_circ,
 
 void hs_client_circuit_has_opened(origin_circuit_t *circ);
 
+int hs_client_receive_rendezvous_acked(origin_circuit_t *circ,
+                                       const uint8_t *payload,
+                                       size_t payload_len);
+
 #endif /* TOR_HS_CLIENT_H */
 
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index a6b59881ad..7e5ba6b6f6 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -19,6 +19,7 @@
 #include "rendcommon.h"
 #include "rendmid.h"
 #include "hs_intropoint.h"
+#include "hs_client.h"
 #include "rendservice.h"
 #include "rephist.h"
 #include "router.h"
@@ -797,7 +798,7 @@ rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
       break;
     case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
       if (origin_circ)
-        r = rend_client_rendezvous_acked(origin_circ,payload,length);
+        r = hs_client_receive_rendezvous_acked(origin_circ,payload,length);
       break;
     default:
       tor_fragile_assert();