From: George Kadianakis Date: Wed, 18 Apr 2012 22:47:37 +0000 (+0200) Subject: rend_service_introduce(): do protocol violation check before anything else. X-Git-Tag: tor-0.2.3.14-alpha~12^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d276ab9d9193d5152fe2599e9d39f2df9ea7d43;p=thirdparty%2Ftor.git rend_service_introduce(): do protocol violation check before anything else. (Cherry-picked from 6ba13e4 by nickm) --- diff --git a/changes/bug5644 b/changes/bug5644 new file mode 100644 index 0000000000..a390eba996 --- /dev/null +++ b/changes/bug5644 @@ -0,0 +1,5 @@ + o Major bugfixes + - Prevent a client-side assertion failure when receiving an + INTRODUCE2 cell by an exit relay, in a general purpose + circuit. Fixes bug 5644; bugfix on tor-0.2.1.6-alpha + diff --git a/src/or/rendservice.c b/src/or/rendservice.c index bb3aacd924..a1daa8a550 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -909,13 +909,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, time_t *access_time; or_options_t *options = get_options(); - tor_assert(circuit->rend_data); - - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN); - log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %d.", - escaped(serviceid), circuit->_base.n_circ_id); - if (circuit->_base.purpose != CIRCUIT_PURPOSE_S_INTRO) { log_warn(LD_PROTOCOL, "Got an INTRODUCE2 over a non-introduction circuit %d.", @@ -923,6 +916,13 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, return -1; } + tor_assert(circuit->rend_data); + + base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, + circuit->rend_data->rend_pk_digest, REND_SERVICE_ID_LEN); + log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %d.", + escaped(serviceid), circuit->_base.n_circ_id); + /* min key length plus digest length plus nickname length */ if (request_len < DIGEST_LEN+REND_COOKIE_LEN+(MAX_NICKNAME_LEN+1)+ DH_KEY_LEN+42) {