Fix a bug in conflux_send_switch_command.
authorNick Mathewson <nickm@torproject.org>
Fri, 18 Apr 2025 00:26:20 +0000 (20:26 -0400)
committerNick Mathewson <nickm@torproject.org>
Mon, 5 May 2025 17:07:37 +0000 (13:07 -0400)
Using RELAY_PAYLOAD_SIZE(_MAX) here would send a relay message that used up
more than the actual length of the cell.  Instead, send only the actual
CONFLUX_SWITCH message.

Closes #41056; bugfix on 0.4.8.1-alpha.

changes/bug41056 [new file with mode: 0644]
src/core/or/conflux_cell.c

diff --git a/changes/bug41056 b/changes/bug41056
new file mode 100644 (file)
index 0000000..2a7dfc4
--- /dev/null
@@ -0,0 +1,4 @@
+  o Minor bugfixes (protocol):
+    - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
+      messages.  Previously, it was always set to the maximum value.
+      Fixes bug 41056; bugfix on 0.4.8.1-alpha.
index ae4a6c4a6fdf103c8f7f86f8c5443a5e258eca7b..03586e660bcd958cc66d8c43b3f9349bce024890 100644 (file)
@@ -311,37 +311,34 @@ bool
 conflux_send_switch_command(circuit_t *send_circ, uint64_t relative_seq)
 {
   trn_cell_conflux_switch_t *switch_cell = trn_cell_conflux_switch_new();
-  cell_t cell;
+  uint8_t payload[RELAY_PAYLOAD_SIZE_MAX] = {0};
   bool ret = true;
 
   tor_assert(send_circ);
   tor_assert(relative_seq < UINT32_MAX);
 
-  memset(&cell, 0, sizeof(cell));
-
   trn_cell_conflux_switch_set_seqnum(switch_cell, (uint32_t)relative_seq);
 
-  if (trn_cell_conflux_switch_encode(cell.payload, RELAY_PAYLOAD_SIZE_MAX,
-                                     switch_cell) < 0) {
+  ssize_t len = trn_cell_conflux_switch_encode(
+                                payload, RELAY_PAYLOAD_SIZE_MAX,
+                                switch_cell);
+  if (len < 0) {
     log_warn(LD_BUG, "Failed to encode conflux switch cell");
     ret = false;
     goto end;
   }
 
   /* Send the switch command to the new hop */
-  // TODO CGO XXXXX Fix bug #41056.
   if (CIRCUIT_IS_ORIGIN(send_circ)) {
     relay_send_command_from_edge(0, send_circ,
                                RELAY_COMMAND_CONFLUX_SWITCH,
-                               (const char*)cell.payload,
-                               RELAY_PAYLOAD_SIZE_MAX,
+                               (const char*)payload, len,
                                TO_ORIGIN_CIRCUIT(send_circ)->cpath->prev);
   } else {
     relay_send_command_from_edge(0, send_circ,
                                RELAY_COMMAND_CONFLUX_SWITCH,
-                               (const char*)cell.payload,
-                                 RELAY_PAYLOAD_SIZE_MAX,
-                                 NULL);
+                               (const char*)payload, len,
+                               NULL);
   }
 
 end:
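Review bot: The return value of `relay_send_command_from_edge(...)` is still discarded in both the origin and non-origin branches, so `ret` stays `true` and the caller is told the SWITCH was sent even if the send failed. Assuming it reports failure with a negative return, as the relay send helpers generally do, each call could be wrapped as `if (relay_send_command_from_edge(...) < 0) ret = false;`. That stops the conflux sequence accounting from advancing on a message that never left. Separately, `len` is an `ssize_t` passed as the length argument. The `len < 0` guard makes this safe, but an explicit `(size_t)len` at the two call sites would make the intent clear. The function body continues past `end:` outside this hunk, so the cleanup and `return ret` are not visible here.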