diff options
-rw-r--r-- | changes/bug4361 | 4 | ||||
-rw-r--r-- | src/or/command.c | 24 |
2 files changed, 24 insertions, 4 deletions
diff --git a/changes/bug4361 b/changes/bug4361 new file mode 100644 index 0000000000..887eb9f3f0 --- /dev/null +++ b/changes/bug4361 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Spec conformance: on a v3 handshake, do not send a NETINFO cell until + after we have received a CERTS cell. Bugfix on 0.2.3.6-alpha; + fixes bug 4361; patch by "frosty". diff --git a/src/or/command.c b/src/or/command.c index eb11a958e1..fb281a7f93 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -728,10 +728,9 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn) const int send_certs = !started_here || public_server_mode(get_options()); /* If we're a relay that got a connection, ask for authentication. */ const int send_chall = !started_here && public_server_mode(get_options()); - /* If our certs cell will authenticate us, or if we have no intention of - * authenticating, send a netinfo cell right now. */ - const int send_netinfo = - !(started_here && public_server_mode(get_options())); + /* If our certs cell will authenticate us, we can send a netinfo cell + * right now. */ + const int send_netinfo = !started_here; const int send_any = send_versions || send_certs || send_chall || send_netinfo; tor_assert(conn->link_proto >= 3); @@ -958,6 +957,7 @@ command_process_certs_cell(var_cell_t *cell, or_connection_t *conn) uint8_t *ptr; int n_certs, i; + int send_netinfo = 0; if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3) ERR("We're not doing a v3 handshake!"); @@ -1072,6 +1072,13 @@ command_process_certs_cell(var_cell_t *cell, or_connection_t *conn) conn->handshake_state->id_cert = id_cert; id_cert = NULL; + + if (!public_server_mode(get_options())) { + /* If we initiated the connection and we are not a public server, we + * aren't planning to authenticate at all. At this point we know who we + * are talking to, so we can just send a netinfo now. */ + send_netinfo = 1; + } } else { if (! (id_cert && auth_cert)) ERR("The certs we wanted were missing"); @@ -1093,6 +1100,15 @@ command_process_certs_cell(var_cell_t *cell, or_connection_t *conn) } conn->handshake_state->received_certs_cell = 1; + + if (send_netinfo) { + if (connection_or_send_netinfo(conn) < 0) { + log_warn(LD_OR, "Couldn't send netinfo cell"); + connection_mark_for_close(TO_CONN(conn)); + goto err; + } + } + err: tor_cert_free(id_cert); tor_cert_free(link_cert); |