Diffstat (limited to 'src/or/rendcommon.c')
-rw-r--r-- | src/or/rendcommon.c | 48 |
1 files changed, 33 insertions, 15 deletions
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 3ee7419d7..94bb00221 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -838,8 +838,10 @@ rend_cache_clean(time_t now)
 void
 rend_cache_purge(void)
 {
- if (rend_cache)
+ if (rend_cache) {
+ log_info(LD_REND, "Purging client/v0-HS-authority HS descriptor cache");
 strmap_free(rend_cache, _rend_cache_entry_free);
+ }
 rend_cache = strmap_new();
 }
@@ -884,15 +886,15 @@ rend_id_is_in_interval(const char *a, const char *b, const char *c)
 tor_assert(c);
 /* There are five cases in which a is outside the interval ]b,c]: */
- a_b = memcmp(a,b,DIGEST_LEN);
+ a_b = tor_memcmp(a,b,DIGEST_LEN);
 if (a_b == 0)
 return 0; /* 1. a == b (b is excluded) */
- b_c = memcmp(b,c,DIGEST_LEN);
+ b_c = tor_memcmp(b,c,DIGEST_LEN);
 if (b_c == 0)
 return 0; /* 2. b == c (interval is empty) */
 else if (a_b <= 0 && b_c < 0)
 return 0; /* 3. a b c */
- c_a = memcmp(c,a,DIGEST_LEN);
+ c_a = tor_memcmp(c,a,DIGEST_LEN);
 if (c_a < 0 && a_b <= 0)
 return 0; /* 4. c a b */
 else if (b_c < 0 && c_a < 0)
@@ -981,15 +983,10 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
 tor_assert(rend_cache_v2_dir);
 if (base32_decode(desc_id_digest, DIGEST_LEN, desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
- log_warn(LD_REND, "Descriptor ID contains illegal characters: %s",
- safe_str(desc_id));
- return -1;
- }
- /* Determine if we are responsible. */
- if (hid_serv_responsible_for_desc_id(desc_id_digest) < 0) {
- log_info(LD_REND, "Could not answer fetch request for v2 descriptor; "
- "either we are no hidden service directory, or we are "
- "not responsible for the requested ID.");
+ log_fn(LOG_PROTOCOL_WARN, LD_REND,
+ "Rejecting v2 rendezvous descriptor request -- descriptor ID "
+ "contains illegal characters: %s",
+ safe_str(desc_id));
 return -1;
 }
 /* Lookup descriptor and return. */
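Review bot: The three `tor_memcmp` calls in rend_id_is_in_interval are each followed by early returns that branch on the comparison result, so the function as a whole still takes a result-dependent path even though each comparison no longer does. A one-line comment above the first call would record what the swap is meant to cover, for example `/* tor_memcmp: do not leak where two digests first differ; the branches below still depend on their order. */`. Whether the ordering itself needs protecting is not something the hunk states, so the comment should say only what the code guarantees. The function starts and ends outside the hunk.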
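Review bot: The rewritten `log_fn` call in rend_cache_lookup_v2_desc_as_dir prints `desc_id` with `%s` on exactly the path where base32_decode has just rejected it, so whenever `safe_str` passes the string through, the log receives the requester's bytes unmodified. Wrapping the argument, `escaped(safe_str(desc_id)));`, keeps control characters and embedded newlines from forging or splitting log lines. The same hunk removes the hid_serv_responsible_for_desc_id() check; the function's doc comment begins outside the hunk and should be checked for wording that still promises it.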
@@ -1014,9 +1011,14 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
 *
 * The published flag tells us if we store the descriptor
 * in our role as directory (1) or if we cache it as client (0).
+ *
+ * If <b>service_id</b> is non-NULL and the descriptor is not for that
+ * service ID, reject it. <b>service_id</b> must be specified if and
+ * only if <b>published</b> is 0 (we fetched this descriptor).
 */
 int
-rend_cache_store(const char *desc, size_t desc_len, int published)
+rend_cache_store(const char *desc, size_t desc_len, int published,
+ const char *service_id)
 {
 rend_cache_entry_t *e;
 rend_service_descriptor_t *parsed;
@@ -1034,6 +1036,13 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
 rend_service_descriptor_free(parsed);
 return -2;
 }
+ if ((service_id != NULL) && strcmp(query, service_id)) {
+ log_warn(LD_REND, "Received service descriptor for service ID %s; "
+ "expected descriptor for service ID %s.",
+ query, safe_str(service_id));
+ rend_service_descriptor_free(parsed);
+ return -2;
+ }
 now = time(NULL);
 if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
 log_fn(LOG_PROTOCOL_WARN, LD_REND,
@@ -1066,7 +1075,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
 rend_service_descriptor_free(parsed);
 return 0;
 }
- if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) {
+ if (e && e->len == desc_len && tor_memeq(desc,e->desc,desc_len)) {
 log_info(LD_REND,"We already have this service descriptor %s.", safe_str_client(query));
 e->received = time(NULL);
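Review bot: The new doc comment on rend_cache_store says `service_id` must be given if and only if `published` is 0, but nothing visible in this diff enforces that. The mismatch check added further down is skipped whenever `service_id` is NULL, so a fetching caller that passes NULL silently gets the old unverified behaviour. Making the contract checked at the top of the body, e.g. `tor_assert((service_id != NULL) == (published == 0));`, would catch a caller that was missed when the signature changed. The body continues outside this hunk, so an existing check there cannot be ruled out.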
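Review bot: In the new mismatch warning, `query` is logged unscrubbed while only the expected ID goes through `safe_str`, although later in this same function the same value is logged as `safe_str_client(query)`. This branch runs only when `service_id` is non-NULL, which the doc comment ties to the fetch case, so both arguments name the onion service being visited; `safe_str_client(query), safe_str_client(service_id));` would treat them alike. The @@ -1264 hunk in rend_cache_store_v2_desc_as_client has the same pattern with `service_id` passed raw. Both messages are triggered by what a remote directory returns, so `log_fn(LOG_PROTOCOL_WARN, LD_REND, ...)`, used a few lines below in rend_cache_store, may fit better than `log_warn`.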
@@ -1214,6 +1223,8 @@ rend_cache_store_v2_desc_as_dir(const char *desc)
 * If we have an older descriptor with the same ID, replace it.
 * If we have any v0 descriptor with the same ID, reject this one in order
 * to not get confused with having both versions for the same service.
+ * If the descriptor's service ID does not match
+ * <b>rend_query</b>-\>onion_address, reject it.
 * Return -2 if it's malformed or otherwise rejected; return -1 if we
 * already have a v0 descriptor here; return 0 if it's the same or older
 * than one we've already got; return 1 if it's novel.
@@ -1264,6 +1275,13 @@ rend_cache_store_v2_desc_as_client(const char *desc,
 retval = -2;
 goto err;
 }
+ if (strcmp(rend_query->onion_address, service_id)) {
+ log_warn(LD_REND, "Received service descriptor for service ID %s; "
+ "expected descriptor for service ID %s.",
+ service_id, safe_str(rend_query->onion_address));
+ retval = -2;
+ goto err;
+ }
 /* Decode/decrypt introduction points. */
 if (intro_content) {
 if (rend_query->auth_type != REND_NO_AUTH && |