We were already rejecting relay begin cells with destination port

of 0. Now also reject extend cells with destination port or address of 0. Suggested by lark. svn:r18812
author: Roger Dingledine <arma@torproject.org> 2009-03-09 00:53:42 +0000
committer: Roger Dingledine <arma@torproject.org> 2009-03-09 00:53:42 +0000
commit: 5d50bc3e1d4bf7312b39d5366cb1d374345f7bd0 (patch)
tree: 14334f3e247bdbc2029d62b1fdbe3579fe9239f9 /src/or/circuitbuild.c
parent: 5cb2e4efca5d3dccd664c20b99dfe4a9a63f4a75 (diff)
download: tor-5d50bc3e1d4bf7312b39d5366cb1d374345f7bd0.tar
tor-5d50bc3e1d4bf7312b39d5366cb1d374345f7bd0.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 42da9e6fe..1cda8e870 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -762,7 +762,13 @@ circuit_extend(cell_t *cell, circuit_t *circ)
   id_digest = cell->payload+RELAY_HEADER_SIZE+4+2+ONIONSKIN_CHALLENGE_LEN;
   tor_addr_from_ipv4h(&n_addr, n_addr32);
 
-  /* First, check if they asked us for 0000..0000. We support using
+  if (!n_port || !n_addr32) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "Client asked me to extend to zero destination port or addr.");
+    return -1;
+  }
+
+  /* Check if they asked us for 0000..0000. We support using
    * an empty fingerprint for the first hop (e.g. for a bridge relay),
    * but we don't want to let people send us extend cells for empty
    * fingerprints -- a) because it opens the user up to a mitm attack,
author	Roger Dingledine <arma@torproject.org>	2009-03-09 00:53:42 +0000
committer	Roger Dingledine <arma@torproject.org>	2009-03-09 00:53:42 +0000
commit	5d50bc3e1d4bf7312b39d5366cb1d374345f7bd0 (patch)
tree	14334f3e247bdbc2029d62b1fdbe3579fe9239f9 /src/or/circuitbuild.c
parent	5cb2e4efca5d3dccd664c20b99dfe4a9a63f4a75 (diff)
download	tor-5d50bc3e1d4bf7312b39d5366cb1d374345f7bd0.tar tor-5d50bc3e1d4bf7312b39d5366cb1d374345f7bd0.tar.gz