commit 2d0377be75b158dde3a91b55d248fee4fe381452 Author: Mike Perry mikeperry-git@torproject.org Date: Wed Feb 23 00:42:31 2022 +0000

Reject intro2 cells that request unadvertized congestion control. --- src/feature/hs/hs_cell.c | 6 ++++++ src/test/test_hs_service.c | 1 + 2 files changed, 7 insertions(+)

diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index b7ab68f7c4..490f05e54f 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -952,6 +952,12 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, } }

+ /* If the client asked for congestion control, but we don't support it, + * that's a failure. It should not have asked, based on our descriptor. */ + if (data->cc_enabled && !congestion_control_enabled()) { + goto done; + } + /* Success. */ ret = 0; log_info(LD_REND, "Valid INTRODUCE2 cell. Launching rendezvous circuit."); diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index 33a3f279c6..482ee1a014 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -2330,6 +2330,7 @@ test_intro2_handling(void *arg) intro_circ->cpath->prev = intro_circ->cpath; intro_circ->hs_ident = tor_malloc_zero(sizeof(*intro_circ->hs_ident)); origin_circuit_t rend_circ; + TO_CIRCUIT(&rend_circ)->ccontrol = NULL; rend_circ.hs_ident = tor_malloc_zero(sizeof(*rend_circ.hs_ident)); curve25519_keypair_generate(&rend_circ.hs_ident->rendezvous_client_kp, 0); memset(rend_circ.hs_ident->rendezvous_cookie, 'r', HS_REND_COOKIE_LEN);