Patch from lark: drop BEGIN cells from a rendevous circuit if they do not originate...

svn:r18667

diff --git a/ChangeLog b/ChangeLog
index ffb4a1030e9a26edae197bb53853fd3a26420c15..31a87219b32de4a7a3439c9a383bc49569fdaa8f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,8 @@ Changes in version 0.2.1.13-????? - 2009-02-??
       stream never finished making its connection, it would live
       forever in circuit_wait state. Now we close it after SocksTimeout
       seconds. Bugfix on 0.1.2.7-alpha; reported by Mike Perry.
+    - Drop begin cells to a hidden service if they come from the middle of a
+      circuit.  Patch from lark.
 
   o Minor features:
     - On Linux, use the prctl call to re-enable core dumps when the user

diff --git a/src/or/relay.c b/src/or/relay.c
index 0c607f04f7b0d2815a11ee8312978fe8cbfb8d9a..a6a8fef7071a47c04d010f842364f0de6823c887 100644 (file)
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1019,6 +1019,13 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
                "Relay begin request unsupported at AP. Dropping.");
         return 0;
       }
+      if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED &&
+          layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
+        log_fn(LOG_PROTOCOL_WARN, LD_APP,
+               "Relay begin request to Hidden Service "
+               "from intermediary node. Dropping.");
+        return 0;
+      }
       if (conn) {
         log_fn(LOG_PROTOCOL_WARN, domain,
                "Begin cell for known stream. Dropping.");