From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 17 Apr 2025 23:31:36 +0000 (-0400)
Subject: More tolerance for packaging too-long payloads
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b69536ee24cf23baf003ffcabe2483dd9c2a014;p=thirdparty%2Ftor.git

More tolerance for packaging too-long payloads

(There are _lots_ of places that build a payload that would be long enough
to fit into a V0 cell, then pass it to relay_send_command_from_edge.)
---

diff --git a/src/core/or/relay.c b/src/core/or/relay.c
index 1f2ef34fdd..6965528ff1 100644
--- a/src/core/or/relay.c
+++ b/src/core/or/relay.c
@@ -623,8 +623,16 @@ relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *orig_circ,
   {
     relay_cell_fmt_t cell_format = relay_msg_get_format(circ, cpath_layer);
     relay_msg_t msg;
-    tor_assert(payload_len <=
-               relay_cell_max_payload_size(cell_format, relay_command));
+    if (payload_len >
+        relay_cell_max_payload_size(cell_format, relay_command)) {
+      // TODO CGO: Rate-limit this?
+      log_warn(LD_BUG, "Tried to send a command %d of length %d in "
+               "a v%d cell, from %s:%d",
+               (int)relay_command, (int)payload_len, (int)cell_format,
+               filename, lineno);
+      circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
+      return -1;
+    }
 
     msg.relay_cell_proto = cell_format;
     msg.command = relay_command;
@@ -637,7 +645,8 @@ relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *orig_circ,
     msg_body_len = msg.length;
 
     if (relay_msg_encode_cell(cell_format, &msg, &cell) < 0) {
-      // This already gave a BUG warning, so no need to log.
+      // We already called IF_BUG_ONCE in relay_msg_encode_cell.
+      circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
       return -1;
     }
   }