From 88c4b425bd49d4cde52fdce7eeb65bcf2304d0f6 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 3 Nov 2011 11:52:35 -0400
Subject: Fix bug 4367: correctly detect auth_challenge cells we can't use Found by frosty_un, bugfix on 0.2.3.6-alpha, fix suggested by arma.
---
 changes/bug4367 | 5 +++++
 src/or/command.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changes/bug4367
diff --git a/changes/bug4367 b/changes/bug4367
new file mode 100644
index 000000000..77236d0e6
--- /dev/null
+++ b/changes/bug4367
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Successfully detect AUTH_CHALLENGE cells with no recognized
+ authentication type listed. Fixes bug 4367; bugfix on 0.2.3.6-alpha.
+ Found by frosty_un.
+
diff --git a/src/or/command.c b/src/or/command.c
index c02d353bb..6eb261c37 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -1100,7 +1100,7 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
 conn->handshake_state->received_auth_challenge = 1;
- if (use_type && public_server_mode(get_options())) {
+ if (use_type >= 0 && public_server_mode(get_options())) {
 log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
 "authentication",
 safe_str(conn->_base.address), conn->_base.port);
-- 
cgit v1.2.3
From 325a659cb16350b1e28db803e2e673068ca2eb82 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 3 Nov 2011 12:40:02 -0400
Subject: Even when we can't answer an AUTH_CHALLENGE, send NETINFO. Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by "frosty".
---
 changes/bug4368 | 4 ++++
 src/or/command.c | 25 +++++++++++++++++--------
 2 files changed, 21 insertions(+), 8 deletions(-)
 create mode 100644 changes/bug4368
diff --git a/changes/bug4368 b/changes/bug4368
new file mode 100644
index 000000000..54b4882bc
--- /dev/null
+++ b/changes/bug4368
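Review bot: The corrected test `use_type >= 0` in command_process_auth_challenge_cell (src/or/command.c, commit 88c4b425) relies on an unstated sentinel: a negative use_type appears to mean that none of the authentication types offered by the peer was recognized, which is the case the old truthiness test let through. The initialization of use_type and the loop that sets it are outside the hunk, so this is inferred from the fix and the changelog entry. A short comment above the condition would keep the convention from regressing, e.g. `/* use_type stays negative when the peer offered no authentication type we recognize. */`. The function body starts and ends outside the hunk.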
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - If a relay receives an AUTH_CHALLENGE it can't answer, it should
+ still send a NETINFO cell to allow the connection to become open.
+ Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by "frosty".
diff --git a/src/or/command.c b/src/or/command.c
index 6eb261c37..5d0ebaa68 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -1100,7 +1100,14 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
 conn->handshake_state->received_auth_challenge = 1;
- if (use_type >= 0 && public_server_mode(get_options())) {
+ if (! public_server_mode(get_options())) {
+ /* If we're not a public server then we don't want to authenticate on a
+ connection we originated, and we already sent a NETINFO cell when we
+ got the CERTS cell. We have nothing more to do. */
+ return;
+ }
+
+ if (use_type >= 0) {
 log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
 "authentication",
 safe_str(conn->_base.address), conn->_base.port);
@@ -1110,16 +1117,18 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
 connection_mark_for_close(TO_CONN(conn));
 return;
 }
- if (connection_or_send_netinfo(conn) < 0) {
- log_warn(LD_OR, "Couldn't send netinfo cell");
- connection_mark_for_close(TO_CONN(conn));
- return;
- }
 } else {
- log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d: Not "
- "authenticating",
+ log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
+ "know any of its authentication types. Not authenticating.",
 safe_str(conn->_base.address), conn->_base.port);
 }
+
+ if (connection_or_send_netinfo(conn) < 0) {
+ log_warn(LD_OR, "Couldn't send netinfo cell");
+ connection_mark_for_close(TO_CONN(conn));
+ return;
+ }
+
 #undef ERR
 }
-- 
cgit v1.2.3
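Review bot: The new early return for `! public_server_mode(get_options())` in the first src/or/command.c hunk of commit 325a659c leaves the function without any log line, whereas before this change that case reached the `else` branch and logged "Not authenticating" at info level. A record that a peer-sent AUTH_CHALLENGE was deliberately ignored is useful when diagnosing link handshake problems; a line such as `log_debug(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d: Not authenticating", safe_str(conn->_base.address), conn->_base.port);` before the `return;` would keep it. The comment's statement that NETINFO was already sent when the CERTS cell arrived is enforced outside this hunk and should be checked against that handler. The function body starts and ends outside the hunk.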
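Review bot: In the second src/or/command.c hunk of commit 325a659c, the `else` branch that skips authentication now falls through to `connection_or_send_netinfo(conn)`, so the handshake continues without this relay authenticating whenever the peer's AUTH_CHALLENGE lists no type it recognizes, and that list is supplied by the peer. This matches the changelog entry, but nothing in the code says the fall-through is deliberate; a comment above the NETINFO call would make it explicit, e.g. `/* Send NETINFO even if we did not authenticate, so the connection can still become open. */`. How the other side treats a link opened this way is decided outside this hunk, presumably as an unauthenticated one, and is worth confirming there. The function body starts outside the hunk.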