aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2013-08-25 00:31:51 -0400
committerNick Mathewson <nickm@torproject.org>2013-08-25 00:31:51 -0400
commit4107ddd003c6c0f1271ad73a40114350f600dbec (patch)
tree656f97e37c332fc5baa4ef96d482d8b3529743c9
parent1ee1c8fb4fc2e4855dba4387a58162656b5b9f0f (diff)
parentcbc53a2d52a67e49e56ad9d8f5334ad623a59374 (diff)
downloadtor-4107ddd003c6c0f1271ad73a40114350f600dbec.tar
tor-4107ddd003c6c0f1271ad73a40114350f600dbec.tar.gz
Merge remote-tracking branch 'public/bug9546_v2' into maint-0.2.4
-rw-r--r--changes/bug954611
-rw-r--r--src/or/channeltls.c14
-rw-r--r--src/or/connection_or.c9
-rw-r--r--src/or/or.h3
4 files changed, 34 insertions, 3 deletions
diff --git a/changes/bug9546 b/changes/bug9546
new file mode 100644
index 000000000..2145e35d8
--- /dev/null
+++ b/changes/bug9546
@@ -0,0 +1,11 @@
+ o Major bugfixes:
+
+ - When a relay is extending a circuit to a bridge, it needs to send a
+ NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE
+ cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
+
+ - Bridges send AUTH_CHALLENGE cells during their handshakes; previously
+ they did not, which prevented relays from successfully connecting
+ to a bridge for self-test or bandwidth testing. Fixes bug 9546;
+ bugfix on 0.2.3.6-alpha.
+
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index d758d22d8..f751c0da9 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1262,8 +1262,8 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan)
const int send_versions = !started_here;
/* If we want to authenticate, send a CERTS cell */
const int send_certs = !started_here || public_server_mode(get_options());
- /* If we're a relay that got a connection, ask for authentication. */
- const int send_chall = !started_here && public_server_mode(get_options());
+ /* If we're a host that got a connection, ask for authentication. */
+ const int send_chall = !started_here;
/* If our certs cell will authenticate us, we can send a netinfo cell
* right now. */
const int send_netinfo = !started_here;
@@ -1474,6 +1474,16 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
/* XXX maybe act on my_apparent_addr, if the source is sufficiently
* trustworthy. */
+ if (! chan->conn->handshake_state->sent_netinfo) {
+ /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
+ * cell, then we would not previously have sent a NETINFO cell. Do so
+ * now. */
+ if (connection_or_send_netinfo(chan->conn) < 0) {
+ connection_or_close_for_error(chan->conn, 0);
+ return;
+ }
+ }
+
if (connection_or_set_state_open(chan->conn) < 0) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Got good NETINFO cell from %s:%d; but "
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 361636350..d5dd4470e 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2042,6 +2042,12 @@ connection_or_send_netinfo(or_connection_t *conn)
tor_assert(conn->handshake_state);
+ if (conn->handshake_state->sent_netinfo) {
+ log_warn(LD_BUG, "Attempted to send an extra netinfo cell on a connection "
+ "where we already sent one.");
+ return 0;
+ }
+
memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_NETINFO;
@@ -2083,6 +2089,7 @@ connection_or_send_netinfo(or_connection_t *conn)
}
conn->handshake_state->digest_sent_data = 0;
+ conn->handshake_state->sent_netinfo = 1;
connection_or_write_cell_to_buf(&cell, conn);
return 0;
@@ -2211,7 +2218,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
const tor_cert_t *id_cert=NULL, *link_cert=NULL;
const digests_t *my_digests, *their_digests;
const uint8_t *my_id, *their_id, *client_id, *server_id;
- if (tor_tls_get_my_certs(0, &link_cert, &id_cert))
+ if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
return -1;
my_digests = tor_cert_get_id_digests(id_cert);
their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert);
diff --git a/src/or/or.h b/src/or/or.h
index 3dc96b9a9..8c6c1e363 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1357,6 +1357,9 @@ typedef struct or_handshake_state_t {
/* True iff we've received valid authentication to some identity. */
unsigned int authenticated : 1;
+ /* True iff we have sent a netinfo cell */
+ unsigned int sent_netinfo : 1;
+
/** True iff we should feed outgoing cells into digest_sent and
* digest_received respectively.
*