commit 2a95f3171681ee53c97ccba9d80f4454b462aaa7 Author: Andrea Shepard andrea@torproject.org Date: Sat Jun 15 02:16:00 2013 -0700

Disable middle relay queue overfill detection code due to possible guard discovery attack --- changes/bug9072 | 3 +++ src/or/relay.c | 5 +++++ 2 files changed, 8 insertions(+)

diff --git a/changes/bug9072 b/changes/bug9072 new file mode 100644 index 0000000..e594a38 --- /dev/null +++ b/changes/bug9072 @@ -0,0 +1,3 @@ + o Critical bugfixes: + - Disable middle relay queue overfill detection code due to possible + guard discovery attack, pending further analysis. Fixes bug #9072. diff --git a/src/or/relay.c b/src/or/relay.c index 087459c..fdb4bff 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -2548,6 +2548,10 @@ append_cell_to_circuit_queue(circuit_t *circ, or_connection_t *orconn, streams_blocked = circ->streams_blocked_on_p_conn; }

+ /* + * Disabling this for now because of a possible guard discovery attack + */ +#if 0 /* Are we a middle circuit about to exceed ORCIRC_MAX_MIDDLE_CELLS? */ if ((circ->n_conn != NULL) && CIRCUIT_IS_ORCIRC(circ)) { orcirc = TO_OR_CIRCUIT(circ); @@ -2566,6 +2570,7 @@ append_cell_to_circuit_queue(circuit_t *circ, or_connection_t *orconn, } } } +#endif

cell_queue_append_packed_copy(queue, cell);