[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/maint-0.4.2] dir: Return 503 code when rejecting single hop request



commit 3867ca4925a2e99b7bcc4526ccf4cfe602bef3bf
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date:   Thu Oct 24 11:25:05 2019 -0400

    dir: Return 503 code when rejecting single hop request
    
    Single hop rejection (POST and GET) for HS v3 descriptor now return a 503 code
    which is more accurate code from dir-spec.txt and from other rejection case in
    the code.
    
    For instance if you are not a relay and you get a POST request, a 503 code is
    sent back with a rejection message.
    
    Part of #31958
    
    Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
 src/feature/dircache/dircache.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c
index 7c6af3582..d4d0ad993 100644
--- a/src/feature/dircache/dircache.c
+++ b/src/feature/dircache/dircache.c
@@ -1393,7 +1393,8 @@ handle_get_hs_descriptor_v3(dir_connection_t *conn,
   /* Reject non anonymous dir connections (which also tests if encrypted). We
    * do not allow single hop clients to query an HSDir. */
   if (!connection_dir_is_anonymous(conn)) {
-    write_short_http_response(conn, 404, "Not found");
+    write_short_http_response(conn, 503,
+                              "Rejecting single hop HS v3 descriptor request");
     goto done;
   }
 
@@ -1636,7 +1637,12 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers,
   /* Handle HS descriptor publish request. We force an anonymous connection
    * (which also tests for encrypted). We do not allow single-hop client to
    * post a descriptor onto an HSDir. */
-  if (connection_dir_is_anonymous(conn) && !strcmpstart(url, "/tor/hs/")) {
+  if (!strcmpstart(url, "/tor/hs/")) {
+    if (!connection_dir_is_anonymous(conn)) {
+      write_short_http_response(conn, 503,
+                                "Rejecting single hop HS descriptor post");
+      goto done;
+    }
     const char *msg = "HS descriptor stored successfully.";
 
     /* We most probably have a publish request for an HS descriptor. */



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits