Merge branch 'bug7149' into maint-0.2.3

2 files changed, 9 insertions, 0 deletions

diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
new file mode 100644
index 000000000..35b492a2d
--- /dev/null
+++ b/changes/dirserv-BUGGY-a
@@ -0,0 +1,7 @@
+  o Minor bugfixes:
+
+    - Don't serve or accept v2 hidden service descriptors over a
+      relay's DirPort. It's never correct to do so, and disabling it
+      might make it more annoying to exploit any bugs that turn up in the
+      descriptor-parsing code. Fixes bug 7149.
+
diff --git a/src/or/directory.c b/src/or/directory.c
index f1510b970..f235bf3b4 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -3178,6 +3178,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
   }
 
   if (options->HidServDirectoryV2 &&
+      connection_dir_is_encrypted(conn) &&
        !strcmpstart(url,"/tor/rendezvous2/")) {
     /* Handle v2 rendezvous descriptor fetch request. */
     const char *descp;
@@ -3364,6 +3365,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
 
   /* Handle v2 rendezvous service publish request. */
   if (options->HidServDirectoryV2 &&
+      connection_dir_is_encrypted(conn) &&
       !strcmpstart(url,"/tor/rendezvous2/publish")) {
     switch (rend_cache_store_v2_desc_as_dir(body)) {
       case -2: