diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/or/command.c | 8 | ||||
-rw-r--r-- | src/or/relay.c | 17 |
2 files changed, 25 insertions, 0 deletions
diff --git a/src/or/command.c b/src/or/command.c index 7d1f53a879..ec97a78bbc 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -221,6 +221,14 @@ command_process_create_cell(cell_t *cell, channel_t *chan) return; } + if (cell->circ_id == 0) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Received a create cell (type %d) from %s:%d with zero circID; " + " ignoring.", (int)cell->command, conn->_base.address, + conn->_base.port); + return; + } + /* If the high bit of the circuit ID is not as expected, close the * circ. */ id_is_high = cell->circ_id & (1<<15); diff --git a/src/or/relay.c b/src/or/relay.c index a942e44651..816a4ecc14 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1176,6 +1176,23 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, return - END_CIRC_REASON_TORPROTOCOL; } + if (rh.stream_id == 0) { + switch (rh.command) { + case RELAY_COMMAND_BEGIN: + case RELAY_COMMAND_CONNECTED: + case RELAY_COMMAND_DATA: + case RELAY_COMMAND_END: + case RELAY_COMMAND_RESOLVE: + case RELAY_COMMAND_RESOLVED: + case RELAY_COMMAND_BEGIN_DIR: + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero " + "stream_id. Dropping.", (int)rh.command); + return 0; + default: + ; + } + } + /* either conn is NULL, in which case we've got a control cell, or else * conn points to the recognized stream. */ |