aboutsummaryrefslogtreecommitdiff
path: root/src/or/rendcommon.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/or/rendcommon.c')
-rw-r--r--src/or/rendcommon.c48
1 files changed, 33 insertions, 15 deletions
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 3ee7419d7..94bb00221 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -838,8 +838,10 @@ rend_cache_clean(time_t now)
void
rend_cache_purge(void)
{
- if (rend_cache)
+ if (rend_cache) {
+ log_info(LD_REND, "Purging client/v0-HS-authority HS descriptor cache");
strmap_free(rend_cache, _rend_cache_entry_free);
+ }
rend_cache = strmap_new();
}
@@ -884,15 +886,15 @@ rend_id_is_in_interval(const char *a, const char *b, const char *c)
tor_assert(c);
/* There are five cases in which a is outside the interval ]b,c]: */
- a_b = memcmp(a,b,DIGEST_LEN);
+ a_b = tor_memcmp(a,b,DIGEST_LEN);
if (a_b == 0)
return 0; /* 1. a == b (b is excluded) */
- b_c = memcmp(b,c,DIGEST_LEN);
+ b_c = tor_memcmp(b,c,DIGEST_LEN);
if (b_c == 0)
return 0; /* 2. b == c (interval is empty) */
else if (a_b <= 0 && b_c < 0)
return 0; /* 3. a b c */
- c_a = memcmp(c,a,DIGEST_LEN);
+ c_a = tor_memcmp(c,a,DIGEST_LEN);
if (c_a < 0 && a_b <= 0)
return 0; /* 4. c a b */
else if (b_c < 0 && c_a < 0)
@@ -981,15 +983,10 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
tor_assert(rend_cache_v2_dir);
if (base32_decode(desc_id_digest, DIGEST_LEN,
desc_id, REND_DESC_ID_V2_LEN_BASE32) < 0) {
- log_warn(LD_REND, "Descriptor ID contains illegal characters: %s",
- safe_str(desc_id));
- return -1;
- }
- /* Determine if we are responsible. */
- if (hid_serv_responsible_for_desc_id(desc_id_digest) < 0) {
- log_info(LD_REND, "Could not answer fetch request for v2 descriptor; "
- "either we are no hidden service directory, or we are "
- "not responsible for the requested ID.");
+ log_fn(LOG_PROTOCOL_WARN, LD_REND,
+ "Rejecting v2 rendezvous descriptor request -- descriptor ID "
+ "contains illegal characters: %s",
+ safe_str(desc_id));
return -1;
}
/* Lookup descriptor and return. */
@@ -1014,9 +1011,14 @@ rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc)
*
* The published flag tells us if we store the descriptor
* in our role as directory (1) or if we cache it as client (0).
+ *
+ * If <b>service_id</b> is non-NULL and the descriptor is not for that
+ * service ID, reject it. <b>service_id</b> must be specified if and
+ * only if <b>published</b> is 0 (we fetched this descriptor).
*/
int
-rend_cache_store(const char *desc, size_t desc_len, int published)
+rend_cache_store(const char *desc, size_t desc_len, int published,
+ const char *service_id)
{
rend_cache_entry_t *e;
rend_service_descriptor_t *parsed;
@@ -1034,6 +1036,13 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
rend_service_descriptor_free(parsed);
return -2;
}
+ if ((service_id != NULL) && strcmp(query, service_id)) {
+ log_warn(LD_REND, "Received service descriptor for service ID %s; "
+ "expected descriptor for service ID %s.",
+ query, safe_str(service_id));
+ rend_service_descriptor_free(parsed);
+ return -2;
+ }
now = time(NULL);
if (parsed->timestamp < now-REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) {
log_fn(LOG_PROTOCOL_WARN, LD_REND,
@@ -1066,7 +1075,7 @@ rend_cache_store(const char *desc, size_t desc_len, int published)
rend_service_descriptor_free(parsed);
return 0;
}
- if (e && e->len == desc_len && !memcmp(desc,e->desc,desc_len)) {
+ if (e && e->len == desc_len && tor_memeq(desc,e->desc,desc_len)) {
log_info(LD_REND,"We already have this service descriptor %s.",
safe_str_client(query));
e->received = time(NULL);
@@ -1214,6 +1223,8 @@ rend_cache_store_v2_desc_as_dir(const char *desc)
* If we have an older descriptor with the same ID, replace it.
* If we have any v0 descriptor with the same ID, reject this one in order
* to not get confused with having both versions for the same service.
+ * If the descriptor's service ID does not match
+ * <b>rend_query</b>-\>onion_address, reject it.
* Return -2 if it's malformed or otherwise rejected; return -1 if we
* already have a v0 descriptor here; return 0 if it's the same or older
* than one we've already got; return 1 if it's novel.
@@ -1264,6 +1275,13 @@ rend_cache_store_v2_desc_as_client(const char *desc,
retval = -2;
goto err;
}
+ if (strcmp(rend_query->onion_address, service_id)) {
+ log_warn(LD_REND, "Received service descriptor for service ID %s; "
+ "expected descriptor for service ID %s.",
+ service_id, safe_str(rend_query->onion_address));
+ retval = -2;
+ goto err;
+ }
/* Decode/decrypt introduction points. */
if (intro_content) {
if (rend_query->auth_type != REND_NO_AUTH &&