Also raise the check for 0 circuit ID in created cell.

And add a comment about why conditions that would cause us to drop a
cell should get checked before actions that would cause us to send a
destroy cell.

Spotted by 'cypherpunks'.

And note that these issues have been present since 0.0.8pre1 (commit
0da256ef), where we added a "shutting down" state, and started
responding to all create cells with DESTROY when shutting down.

1 files changed, 11 insertions, 8 deletions

diff --git a/src/or/command.c b/src/or/command.c
index 51fb64044..fa2a0e74e 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -227,6 +227,17 @@ command_process_create_cell(cell_t *cell, channel_t *chan)
             (unsigned)cell->circ_id,
             U64_PRINTF_ARG(chan->global_identifier), chan);
 
+  /* We check for the conditions that would make us drop the cell before
+   * we check for the conditions that would make us send a DESTROY back,
+   * since those conditions would make a DESTROY nonsensical. */
+  if (cell->circ_id == 0) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "Received a create cell (type %d) from %s with zero circID; "
+           " ignoring.", (int)cell->command,
+           channel_get_actual_remote_descr(chan));
+    return;
+  }
+
   if (circuit_id_in_use_on_channel(cell->circ_id, chan)) {
     const node_t *node = node_get_by_id(chan->identity_digest);
     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
@@ -265,14 +276,6 @@ command_process_create_cell(cell_t *cell, channel_t *chan)
     return;
   }
 
-  if (cell->circ_id == 0) {
-    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-           "Received a create cell (type %d) from %s with zero circID; "
-           " ignoring.", (int)cell->command,
-           channel_get_actual_remote_descr(chan));
-    return;
-  }
-
   /* If the high bit of the circuit ID is not as expected, close the
    * circ. */
   if (chan->wide_circ_ids)