+++ /dev/null
- o Security fixes:
- - Tear down the circuit if we get an unexpected SENDME cell. Clients
- could use this trick to make their circuits receive cells faster
- than our flow control would have allowed, or to gum up the network,
- or possibly to do targeted memory denial-of-service attacks on
- entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
- from July 2002, before the release of Tor 0.0.0.
-
case RELAY_COMMAND_SENDME:
if (!conn) {
if (layer_hint) {
- if (layer_hint->package_window + CIRCWINDOW_INCREMENT >
- CIRCWINDOW_START_MAX) {
- log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
- "Bug/attack: unexpected sendme cell from exit relay. "
- "Closing circ.");
- return -END_CIRC_REASON_TORPROTOCOL;
- }
layer_hint->package_window += CIRCWINDOW_INCREMENT;
log_debug(LD_APP,"circ-level sendme at origin, packagewindow %d.",
layer_hint->package_window);
circuit_resume_edge_reading(circ, layer_hint);
} else {
- if (circ->package_window + CIRCWINDOW_INCREMENT >
- CIRCWINDOW_START_MAX) {
- log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
- "Bug/attack: unexpected sendme cell from client. "
- "Closing circ.");
- return -END_CIRC_REASON_TORPROTOCOL;
- }
circ->package_window += CIRCWINDOW_INCREMENT;
log_debug(LD_APP,
"circ-level sendme at non-origin, packagewindow %d.",
projects / thirdparty / tor.git / commitdiff
