Wed Aug 15 17:19:32 UTC 2012

commit cdd882ee71fb2966854fe271d9896b7bf389b35c
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Aug 15 13:16:41 2012 -0400

    Check for stream_id, not conn, on extend cells.

    Extend cells aren't allowed to have a stream_id, but we were only
    blocking them when they had a stream_id that corresponded to a
    connection.  As far as I can tell, this change is harmless: it will
    make some kinds of broken clients not work any more, but afaik nobody
    actually made a client that was broken in that way.

    Found while hunting for other places where we made the same mistake
    as in 6271.

    Bugfix on d7f50337c14c back from May 2003, which introduced
    telescoping circuit construction into 0.0.2pre8.
 changes/bug6271-related |    6 ++++++
 src/or/relay.c          |    2 +-
 2 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/changes/bug6271-related b/changes/bug6271-related
new file mode 100644
index 0000000..78e53c8
--- /dev/null
+++ b/changes/bug6271-related
@@ -0,0 +1,6 @@
+  o Minor bugfixes (spec conformance):
+    - Reject EXTEND cells sent to nonexistent streams. According to the
+      spec, an EXTEND cell sent to _any_ nonzero stream ID is invalid, but
+      we were only checking for stream IDs that were currenty in use.
+      Found while hunting for more instances of bug 6271. Bugfix on
+      0.0.2pre8, which introduced incremental circuit construction.
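Review bot: "currenty" in the fourth line of the new changes entry should be "currently". The entry's headline also says these cells are rejected, while the relay.c branch it describes logs "Dropping." and returns 0; wording the entry as "Drop EXTEND cells with a nonzero stream ID" would match what the code does and would not suggest that the circuit is torn down. "Sent to nonexistent streams" is also narrower than the rule stated in the next sentence, which covers any nonzero stream ID.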
diff --git a/src/or/relay.c b/src/or/relay.c
index 33735de..a866d2d 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1175,7 +1175,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
       static uint64_t total_n_extend=0, total_nonearly=0;
-      if (conn) {
+      if (rh.stream_id) {
         log_fn(LOG_PROTOCOL_WARN, domain,
                "'extend' cell received for non-zero stream. Dropping.");
         return 0;
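Review bot: the new test `if (rh.stream_id)` in connection_edge_process_relay_cell carries no comment explaining why the stream ID is checked instead of `conn`, and the previous form looked equally plausible for nine years. A one-line comment above the condition stating that an EXTEND cell with any nonzero stream ID is invalid, whether or not a connection is attached to that ID, would keep a later cleanup from reverting to the `conn` test. The diffstat shows only the changes file and relay.c, so nothing exercises the case this fixes; a regression test that feeds an EXTEND cell with a nonzero stream ID that maps to no connection, and asserts that it is dropped, would pin the behaviour down.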

