[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r10819: backport r10818: prevent streamid collisions on relay cells (in tor/branches/tor-0_1_2-patches: . src/or)
Author: arma
Date: 2007-07-12 13:16:18 -0400 (Thu, 12 Jul 2007)
New Revision: 10819
Modified:
tor/branches/tor-0_1_2-patches/ChangeLog
tor/branches/tor-0_1_2-patches/src/or/relay.c
Log:
backport r10818: prevent streamid collisions on relay cells
Modified: tor/branches/tor-0_1_2-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_1_2-patches/ChangeLog 2007-07-12 17:09:19 UTC (rev 10818)
+++ tor/branches/tor-0_1_2-patches/ChangeLog 2007-07-12 17:16:18 UTC (rev 10819)
@@ -24,6 +24,9 @@
- When sending destroy cells from a circuit's origin, don't include
the reason for tearing down the circuit. The spec says we didn't,
and now we actually don't. Reported by lodger.
+ - Keep streamids from different exits on a circuit separate. This
+ bug may have allowed other routers on a given circuit to inject
+ cells into streams. Reported by lodger; fixes bug 446.
o Minor bugfixes (directory)
- Count the number of authorities that recommend each version
Modified: tor/branches/tor-0_1_2-patches/src/or/relay.c
===================================================================
--- tor/branches/tor-0_1_2-patches/src/or/relay.c 2007-07-12 17:09:19 UTC (rev 10818)
+++ tor/branches/tor-0_1_2-patches/src/or/relay.c 2007-07-12 17:16:18 UTC (rev 10819)
@@ -17,7 +17,8 @@
static int relay_crypt(circuit_t *circ, cell_t *cell, int cell_direction,
crypt_path_t **layer_hint, char *recognized);
static edge_connection_t *relay_lookup_conn(circuit_t *circ, cell_t *cell,
- int cell_direction);
+ int cell_direction,
+ crypt_path_t *layer_hint);
static int
connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
@@ -162,7 +163,8 @@
}
if (recognized) {
- edge_connection_t *conn = relay_lookup_conn(circ, cell, cell_direction);
+ edge_connection_t *conn = relay_lookup_conn(circ, cell, cell_direction,
+ layer_hint);
if (cell_direction == CELL_DIRECTION_OUT) {
++stats_n_relay_cells_delivered;
log_debug(LD_OR,"Sending away from origin.");
@@ -372,7 +374,8 @@
* attached to circ, return that conn, else return NULL.
*/
static edge_connection_t *
-relay_lookup_conn(circuit_t *circ, cell_t *cell, int cell_direction)
+relay_lookup_conn(circuit_t *circ, cell_t *cell, int cell_direction,
+ crypt_path_t *layer_hint)
{
edge_connection_t *tmpconn;
relay_header_t rh;
@@ -390,7 +393,8 @@
for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
tmpconn=tmpconn->next_stream) {
if (rh.stream_id == tmpconn->stream_id &&
- !tmpconn->_base.marked_for_close) {
+ !tmpconn->_base.marked_for_close &&
+ tmpconn->cpath_layer == layer_hint) {
log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
return tmpconn;
}