diff options
| -rw-r--r-- | changes/bug5644 | 5 | ||||
| -rw-r--r-- | src/or/rendservice.c | 14 |
2 files changed, 12 insertions, 7 deletions
diff --git a/changes/bug5644 b/changes/bug5644 new file mode 100644 index 000000000..a390eba99 --- /dev/null +++ b/changes/bug5644 @@ -0,0 +1,5 @@ + o Major bugfixes + - Prevent a client-side assertion failure when receiving an + INTRODUCE2 cell by an exit relay, in a general purpose + circuit. Fixes bug 5644; bugfix on tor-0.2.1.6-alpha + diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 30b0d88af..44e669701 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1064,6 +1064,13 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, time_t *access_time; const or_options_t *options = get_options(); + if (circuit->_base.purpose != CIRCUIT_PURPOSE_S_INTRO) { + log_warn(LD_PROTOCOL, + "Got an INTRODUCE2 over a non-introduction circuit %d.", + circuit->_base.n_circ_id); + return -1; + } + #ifndef NON_ANONYMOUS_MODE_ENABLED tor_assert(!(circuit->build_state->onehop_tunnel)); #endif @@ -1074,13 +1081,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %d.", escaped(serviceid), circuit->_base.n_circ_id); - if (circuit->_base.purpose != CIRCUIT_PURPOSE_S_INTRO) { - log_warn(LD_PROTOCOL, - "Got an INTRODUCE2 over a non-introduction circuit %d.", - circuit->_base.n_circ_id); - return -1; - } - /* min key length plus digest length plus nickname length */ if (request_len < DIGEST_LEN+REND_COOKIE_LEN+(MAX_NICKNAME_LEN+1)+ DH_KEY_LEN+42) { |