[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r18812: {tor} We were already rejecting relay begin cells with destination (in tor/trunk: . src/or)
Author: arma
Date: 2009-03-08 20:53:42 -0400 (Sun, 08 Mar 2009)
New Revision: 18812
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/circuitbuild.c
Log:
We were already rejecting relay begin cells with destination port
of 0. Now also reject extend cells with destination port or address
of 0. Suggested by lark.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2009-03-09 00:43:03 UTC (rev 18811)
+++ tor/trunk/ChangeLog 2009-03-09 00:53:42 UTC (rev 18812)
@@ -38,6 +38,9 @@
manner, to avoid platform-dependent behavior on malformed input.
- Build correctly when configured to build outside the main source
path. Patch from Michael Gold.
+ - We were already rejecting relay begin cells with destination port
+ of 0. Now also reject extend cells with destination port or address
+ of 0. Suggested by lark.
o Minor bugfixes (on 0.2.1.x):
- Don't re-extend introduction circuits if we ran out of RELAY_EARLY
Modified: tor/trunk/src/or/circuitbuild.c
===================================================================
--- tor/trunk/src/or/circuitbuild.c 2009-03-09 00:43:03 UTC (rev 18811)
+++ tor/trunk/src/or/circuitbuild.c 2009-03-09 00:53:42 UTC (rev 18812)
@@ -762,7 +762,13 @@
id_digest = cell->payload+RELAY_HEADER_SIZE+4+2+ONIONSKIN_CHALLENGE_LEN;
tor_addr_from_ipv4h(&n_addr, n_addr32);
- /* First, check if they asked us for 0000..0000. We support using
+ if (!n_port || !n_addr32) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Client asked me to extend to zero destination port or addr.");
+ return -1;
+ }
+
+ /* Check if they asked us for 0000..0000. We support using
* an empty fingerprint for the first hop (e.g. for a bridge relay),
* but we don't want to let people send us extend cells for empty
* fingerprints -- a) because it opens the user up to a mitm attack,