7 files changed, 59 insertions, 3 deletions

diff --git a/changes/bug9366 b/changes/bug9366
new file mode 100644
index 0000000000..acc919e77f
--- /dev/null
+++ b/changes/bug9366
@@ -0,0 +1,4 @@
+  o Minor features (usability):
+    - Warn and fail if a server is configured not to advertise any
+      ORPorts at all. (We need *something* to put in our descriptor, or
+      we just won't work.)
diff --git a/changes/bug9543 b/changes/bug9543
new file mode 100644
index 0000000000..753947f6fd
--- /dev/null
+++ b/changes/bug9543
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - Avoid overflows when the user sets MaxCircuitDirtiness to a
+      ridiculously high value, by imposing a (ridiculously high) 30-day
+      maximum on MaxCircuitDirtiness.
diff --git a/changes/bug9546 b/changes/bug9546
new file mode 100644
index 0000000000..2145e35d8f
--- /dev/null
+++ b/changes/bug9546
@@ -0,0 +1,11 @@
+  o Major bugfixes:
+
+    - When a relay is extending a circuit to a bridge, it needs to send a
+      NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE
+      cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
+
+    - Bridges send AUTH_CHALLENGE cells during their handshakes; previously
+      they did not, which prevented relays from successfully connecting
+      to a bridge for self-test or bandwidth testing. Fixes bug 9546;
+      bugfix on 0.2.3.6-alpha.
+
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 7303c5a721..ca9e10b3fc 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1289,8 +1289,8 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
     const int send_versions = !started_here;
     /* If we want to authenticate, send a CERTS cell */
     const int send_certs = !started_here || public_server_mode(get_options());
-    /* If we're a relay that got a connection, ask for authentication. */
-    const int send_chall = !started_here && public_server_mode(get_options());
+    /* If we're a host that got a connection, ask for authentication. */
+    const int send_chall = !started_here;
     /* If our certs cell will authenticate us, we can send a netinfo cell
      * right now. */
     const int send_netinfo = !started_here;
@@ -1501,6 +1501,16 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
   /* XXX maybe act on my_apparent_addr, if the source is sufficiently
    * trustworthy. */
 
+  if (! chan->conn->handshake_state->sent_netinfo) {
+    /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
+     * cell, then we would not previously have sent a NETINFO cell. Do so
+     * now. */
+    if (connection_or_send_netinfo(chan->conn) < 0) {
+      connection_or_close_for_error(chan->conn, 0);
+      return;
+    }
+  }
+
   if (connection_or_set_state_open(chan->conn) < 0) {
     log_fn(LOG_PROTOCOL_WARN, LD_OR,
            "Got good NETINFO cell from %s:%d; but "
diff --git a/src/or/config.c b/src/or/config.c
index e746da220a..657bc60396 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2326,6 +2326,10 @@ compute_publishserverdescriptor(or_options_t *options)
  * will generate too many circuits and potentially overload the network. */
 #define MIN_MAX_CIRCUIT_DIRTINESS 10
 
+/** Highest allowable value for MaxCircuitDirtiness: prevents time_t
+ * overflows. */
+#define MAX_MAX_CIRCUIT_DIRTINESS (30*24*60*60)
+
 /** Lowest allowable value for CircuitStreamTimeout; if this is too low, Tor
  * will generate too many circuits and potentially overload the network. */
 #define MIN_CIRCUIT_STREAM_TIMEOUT 10
@@ -2847,6 +2851,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
     options->MaxCircuitDirtiness = MIN_MAX_CIRCUIT_DIRTINESS;
   }
 
+  if (options->MaxCircuitDirtiness > MAX_MAX_CIRCUIT_DIRTINESS) {
+    log_warn(LD_CONFIG, "MaxCircuitDirtiness option is too high; "
+             "setting to %d days.", MAX_MAX_CIRCUIT_DIRTINESS/86400);
+    options->MaxCircuitDirtiness = MAX_MAX_CIRCUIT_DIRTINESS;
+  }
+
   if (options->CircuitStreamTimeout &&
       options->CircuitStreamTimeout < MIN_CIRCUIT_STREAM_TIMEOUT) {
     log_warn(LD_CONFIG, "CircuitStreamTimeout option is too short; "
@@ -5830,6 +5840,13 @@ check_server_ports(const smartlist_t *ports,
              "listening on one.");
     r = -1;
   }
+  if (n_orport_listeners && !n_orport_advertised) {
+    log_warn(LD_CONFIG, "We are listening on an ORPort, but not advertising "
+             "any ORPorts. This will keep us from building a %s "
+             "descriptor, and make us impossible to use.",
+             options->BridgeRelay ? "bridge" : "router");
+    r = -1;
+  }
   if (n_dirport_advertised && !n_dirport_listeners) {
     log_warn(LD_CONFIG, "We are advertising a DirPort, but not actually "
              "listening on one.");
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 7912bfb7fc..120f732ce6 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2112,6 +2112,12 @@ connection_or_send_netinfo(or_connection_t *conn)
 
   tor_assert(conn->handshake_state);
 
+  if (conn->handshake_state->sent_netinfo) {
+    log_warn(LD_BUG, "Attempted to send an extra netinfo cell on a connection "
+             "where we already sent one.");
+    return 0;
+  }
+
   memset(&cell, 0, sizeof(cell_t));
   cell.command = CELL_NETINFO;
 
@@ -2153,6 +2159,7 @@ connection_or_send_netinfo(or_connection_t *conn)
   }
 
   conn->handshake_state->digest_sent_data = 0;
+  conn->handshake_state->sent_netinfo = 1;
   connection_or_write_cell_to_buf(&cell, conn);
 
   return 0;
@@ -2281,7 +2288,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
     const tor_cert_t *id_cert=NULL, *link_cert=NULL;
     const digests_t *my_digests, *their_digests;
     const uint8_t *my_id, *their_id, *client_id, *server_id;
-    if (tor_tls_get_my_certs(0, &link_cert, &id_cert))
+    if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
       return -1;
     my_digests = tor_cert_get_id_digests(id_cert);
     their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert);
diff --git a/src/or/or.h b/src/or/or.h
index 041421ed42..922ae4cb91 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1399,6 +1399,9 @@ typedef struct or_handshake_state_t {
   /* True iff we've received valid authentication to some identity. */
   unsigned int authenticated : 1;
 
+  /* True iff we have sent a netinfo cell */
+  unsigned int sent_netinfo : 1;
+
   /** True iff we should feed outgoing cells into digest_sent and
    * digest_received respectively.
    *