Merge remote-tracking branch 'rransom-tor/bug3332-v2'

author: Nick Mathewson <nickm@torproject.org> 2011-06-15 11:33:40 -0400
committer: Nick Mathewson <nickm@torproject.org> 2011-06-15 11:33:40 -0400
commit: a857f61e278aa5e5980722f9d458424b8790e9b1 (patch)
tree: dcbc2c65fa2b11990ddfbee8a8eee2d32043cea9 /src
parent: 875a551409c81fced826336a73cafa36396a43f8 (diff)
parent: 44eafa9697b0adebfa5e18579adcf70cd6d9c935 (diff)
download: tor-a857f61e278aa5e5980722f9d458424b8790e9b1.tar
tor-a857f61e278aa5e5980722f9d458424b8790e9b1.tar.gz
3 files changed, 24 insertions, 0 deletions
diff --git a/src/or/directory.c b/src/or/directory.c
index 5d63a540e..7ded11527 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -858,6 +858,20 @@ directory_initiate_command(const char *address, const tor_addr_t *_addr,
                              if_modified_since, NULL);
 }
 
+/** Return non-zero iff a directory connection with purpose
+ * <b>dir_purpose</b> reveals sensitive information about a Tor
+ * instance's client activities.  (Such connections must be performed
+ * through normal three-hop Tor circuits.) */
+static int
+is_sensitive_dir_purpose(uint8_t dir_purpose)
+{
+  return ((dir_purpose == DIR_PURPOSE_FETCH_RENDDESC) ||
+          (dir_purpose == DIR_PURPOSE_HAS_FETCHED_RENDDESC) ||
+          (dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC) ||
+          (dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2) ||
+          (dir_purpose == DIR_PURPOSE_FETCH_RENDDESC_V2));
+}
+
 /** Same as directory_initiate_command(), but accepts rendezvous data to
  * fetch a hidden service descriptor. */
 static void
@@ -892,6 +906,9 @@ directory_initiate_command_rend(const char *address, const tor_addr_t *_addr,
 
   log_debug(LD_DIR, "Initiating %s", dir_conn_purpose_to_string(dir_purpose));
 
+  tor_assert(!(is_sensitive_dir_purpose(dir_purpose) &&
+               !anonymized_connection));
+
   /* ensure that we don't make direct connections when a SOCKS server is
    * configured. */
   if (!anonymized_connection && !use_begindir && !options->HTTPProxy &&
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index c4eddb6e7..b618d0fe4 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -145,6 +145,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   tor_assert(rendcirc->rend_data);
   tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address,
                                    rendcirc->rend_data->onion_address));
+  tor_assert(!(introcirc->build_state->onehop_tunnel));
+  tor_assert(!(rendcirc->build_state->onehop_tunnel));
 
   if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
                               &entry) < 1) {
@@ -335,6 +337,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
   }
 
   tor_assert(circ->build_state->chosen_exit);
+  tor_assert(!(circ->build_state->onehop_tunnel));
   tor_assert(circ->rend_data);
 
   if (request_len == 0) {
@@ -346,6 +349,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
     rendcirc = circuit_get_by_rend_query_and_purpose(
                circ->rend_data->onion_address, CIRCUIT_PURPOSE_C_REND_READY);
     if (rendcirc) { /* remember the ack */
+      tor_assert(!(rendcirc->build_state->onehop_tunnel));
       rendcirc->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED;
       /* Set timestamp_dirty, because circuit_expire_building expects
        * it to specify when a circuit entered the
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index af1a290bf..4413ae9d8 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -905,6 +905,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   time_t *access_time;
   const or_options_t *options = get_options();
 
+  tor_assert(!(circuit->build_state->onehop_tunnel));
   tor_assert(circuit->rend_data);
 
   base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
@@ -1359,6 +1360,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
   crypto_pk_env_t *intro_key;
 
   tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
+  tor_assert(!(circuit->build_state->onehop_tunnel));
   tor_assert(circuit->cpath);
   tor_assert(circuit->rend_data);
 
@@ -1501,6 +1503,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
   tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
   tor_assert(circuit->cpath);
   tor_assert(circuit->build_state);
+  tor_assert(!(circuit->build_state->onehop_tunnel));
   tor_assert(circuit->rend_data);
   hop = circuit->build_state->pending_final_cpath;
   tor_assert(hop);
author	Nick Mathewson <nickm@torproject.org>	2011-06-15 11:33:40 -0400
committer	Nick Mathewson <nickm@torproject.org>	2011-06-15 11:33:40 -0400
commit	a857f61e278aa5e5980722f9d458424b8790e9b1 (patch)
tree	dcbc2c65fa2b11990ddfbee8a8eee2d32043cea9 /src
parent	875a551409c81fced826336a73cafa36396a43f8 (diff)
parent	44eafa9697b0adebfa5e18579adcf70cd6d9c935 (diff)
download	tor-a857f61e278aa5e5980722f9d458424b8790e9b1.tar tor-a857f61e278aa5e5980722f9d458424b8790e9b1.tar.gz