[tor/master] Even when we can't answer an AUTH_CHALLENGE, send NETINFO. - tor-commits

15 Nov 2011

commit 325a659cb16350b1e28db803e2e673068ca2eb82
Author: Nick Mathewson nickm@torproject.org
Date:   Thu Nov 3 12:40:02 2011 -0400
Even when we can't answer an AUTH_CHALLENGE, send NETINFO.
Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by "frosty".
---
 changes/bug4368  |    4 ++++
 src/or/command.c |   25 +++++++++++++++++--------
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/changes/bug4368 b/changes/bug4368
new file mode 100644
index 0000000..54b4882
--- /dev/null
+++ b/changes/bug4368
@@ -0,0 +1,4 @@
+  o Minor bugfixes:
+    - If a relay receives an AUTH_CHALLENGE it can't answer, it should
+      still send a NETINFO cell to allow the connection to become open.
+      Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by "frosty".
diff --git a/src/or/command.c b/src/or/command.c
index 6eb261c..5d0ebaa 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -1100,7 +1100,14 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
conn->handshake_state->received_auth_challenge = 1;
-  if (use_type >= 0 && public_server_mode(get_options())) {
+  if (! public_server_mode(get_options())) {
+    /* If we're not a public server then we don't want to authenticate on a
+       connection we originated, and we already sent a NETINFO cell when we
+       got the CERTS cell. We have nothing more to do. */
+    return;
+  }
+
+  if (use_type >= 0) {
     log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
              "authentication",
              safe_str(conn->_base.address), conn->_base.port);
@@ -1110,16 +1117,18 @@ command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
       connection_mark_for_close(TO_CONN(conn));
       return;
     }
-    if (connection_or_send_netinfo(conn) < 0) {
-      log_warn(LD_OR, "Couldn't send netinfo cell");
-      connection_mark_for_close(TO_CONN(conn));
-      return;
-    }
   } else {
-    log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d: Not "
-             "authenticating",
+    log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
+             "know any of its authentication types. Not authenticating.",
              safe_str(conn->_base.address), conn->_base.port);
   }
+
+  if (connection_or_send_netinfo(conn) < 0) {
+    log_warn(LD_OR, "Couldn't send netinfo cell");
+    connection_mark_for_close(TO_CONN(conn));
+    return;
+  }
+
 #undef ERR
 }

    