1 files changed, 18 insertions, 15 deletions

diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index ea32a5bc57..2bcc642a97 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2020, The Tor Project, Inc. */
+ * Copyright (c) 2007-2021, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -69,7 +69,6 @@
 #include "feature/relay/router.h"
 #include "feature/relay/routermode.h"
 #include "feature/relay/selftest.h"
-#include "feature/rend/rendcommon.h"
 #include "feature/stats/predict_ports.h"
 #include "lib/crypt_ops/crypto_rand.h"
 #include "lib/trace/events.h"
@@ -881,14 +880,22 @@ circuit_pick_extend_handshake(uint8_t *cell_type_out,
 }
 
 /**
- * Return true iff <b>purpose</b> is a purpose for a circuit which is
- * allowed to have no guard configured, even if the circuit is multihop
+ * Return true iff <b>circ</b> is allowed
+ * to have no guard configured, even if the circuit is multihop
  * and guards are enabled.
  */
 static int
-circuit_purpose_may_omit_guard(int purpose)
+circuit_may_omit_guard(const origin_circuit_t *circ)
 {
-  switch (purpose) {
+  if (BUG(!circ))
+    return 0;
+
+  if (circ->first_hop_from_controller) {
+    /* The controller picked the first hop: that bypasses the guard system. */
+    return 1;
+  }
+
+  switch (circ->base_.purpose) {
     case CIRCUIT_PURPOSE_TESTING:
     case CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT:
       /* Testing circuits may omit guards because they're measuring
@@ -1019,7 +1026,7 @@ circuit_build_no_more_hops(origin_circuit_t *circ)
   guard_usable_t r;
   if (! circ->guard_state) {
     if (circuit_get_cpath_len(circ) != 1 &&
-        ! circuit_purpose_may_omit_guard(circ->base_.purpose) &&
+        ! circuit_may_omit_guard(circ) &&
         get_options()->UseEntryGuards) {
       log_warn(LD_BUG, "%d-hop circuit %p with purpose %d has no "
                "guard state",
@@ -1070,7 +1077,7 @@ circuit_build_no_more_hops(origin_circuit_t *circ)
     clear_broken_connection_map(1);
     if (server_mode(options) &&
         !router_all_orports_seem_reachable(options)) {
-      router_do_reachability_checks(1, 1);
+      router_do_reachability_checks();
     }
   }
 
@@ -1331,16 +1338,13 @@ circuit_truncated(origin_circuit_t *circ, int reason)
  *     CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
  *
  *   - A hidden service connecting to a rendezvous point, which the
- *     client picked (CIRCUIT_PURPOSE_S_CONNECT_REND, via
- *     rend_service_receive_introduction() and
- *     rend_service_relaunch_rendezvous)
+ *     client picked (CIRCUIT_PURPOSE_S_CONNECT_REND.
  *
  * There are currently two situations where we picked the exit node
  * ourselves, making DEFAULT_ROUTE_LEN a safe circuit length:
  *
  *   - We are a hidden service connecting to an introduction point
- *     (CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, via
- *     rend_service_launch_establish_intro())
+ *     (CIRCUIT_PURPOSE_S_ESTABLISH_INTRO).
  *
  *   - We are a router testing its own reachabiity
  *     (CIRCUIT_PURPOSE_TESTING, via router_do_reachability_checks())
@@ -2030,7 +2034,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei,
 
   if (state->onehop_tunnel) {
     log_debug(LD_CIRC, "Launching a one-hop circuit for dir tunnel%s.",
-              (rend_allow_non_anonymous_connection(get_options()) ?
+              (hs_service_allow_non_anonymous_connection(get_options()) ?
                ", or intro or rendezvous connection" : ""));
     state->desired_path_len = 1;
   } else {
@@ -2456,7 +2460,6 @@ onion_extend_cpath(origin_circuit_t *circ)
       choose_good_middle_server(purpose, state, circ->cpath, cur_len);
     if (r) {
       info = extend_info_from_node(r, 0);
-      tor_assert_nonfatal(info);
     }
   }