Don't serve or accept v2 HS descs over a DirPort
authorRobert Ransom <rransom.8774@gmail.com>
Tue, 11 Sep 2012 20:00:05 +0000 (13:00 -0700)
committerNick Mathewson <nickm@torproject.org>
Fri, 19 Oct 2012 06:56:25 +0000 (02:56 -0400)
(changes file tweaked by nickm)

changes/dirserv-BUGGY-a [new file with mode: 0644]
src/or/directory.c

diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
new file mode 100644 (file)
index 0000000..35b492a
--- /dev/null
@@ -0,0 +1,7 @@
+  o Minor bugfixes:
+
+    - Don't serve or accept v2 hidden service descriptors over a
+      relay's DirPort. It's never correct to do so, and disabling it
+      might make it more annoying to exploit any bugs that turn up in the
+      descriptor-parsing code. Fixes bug 7149.
+
index f1510b970a6cb972195e257875fafe933e5946fb..f235bf3b41e566209edd01984b5e212f6a34ea7e 100644 (file)
@@ -3178,6 +3178,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
   }
 
   if (options->HidServDirectoryV2 &&
+      connection_dir_is_encrypted(conn) &&
        !strcmpstart(url,"/tor/rendezvous2/")) {
     /* Handle v2 rendezvous descriptor fetch request. */
     const char *descp;
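Review bot: The reason for the new `connection_dir_is_encrypted(conn)` condition is recorded only in the changes file, so a reader of this `if` cannot tell that it is a deliberate hardening gate and may drop it in a later cleanup. I would add a comment directly above the condition, e.g. `/* Only serve v2 HS descriptors over an encrypted directory connection, never a plain DirPort (bug 7149). */`, and a matching one above the publish check in directory_handle_command_post. The added line is also indented one column short of the `!strcmpstart(...)` line that follows it in this hunk. The enclosing function starts and ends outside the hunk.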
@@ -3364,6 +3365,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
 
   /* Handle v2 rendezvous service publish request. */
   if (options->HidServDirectoryV2 &&
+      connection_dir_is_encrypted(conn) &&
       !strcmpstart(url,"/tor/rendezvous2/publish")) {
     switch (rend_cache_store_v2_desc_as_dir(body)) {
       case -2:
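Review bot: A publish request that arrives on an unencrypted connection now skips this block and falls through to code outside the hunk, and the commit touches only the changes file and directory.c, so nothing tests that path. It is worth confirming that the fall-through answers with an error status and that `body` reaches no other descriptor parser further down. A unit test could post to `/tor/rendezvous2/publish` on a non-encrypted `dir_connection_t` and assert that `rend_cache_store_v2_desc_as_dir` is never reached. The same check applies to the fetch path in directory_handle_command_get. The function body continues beyond the hunk.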