Disable middle relay queue overfill detection code due to possible guard discovery...

diff --git a/changes/bug9072 b/changes/bug9072
new file mode 100644 (file)
index 0000000..e594a38
--- /dev/null
+++ b/changes/bug9072
@@ -0,0 +1,3 @@
+  o Critical bugfixes:
+    - Disable middle relay queue overfill detection code due to possible
+      guard discovery attack, pending further analysis.  Fixes bug #9072.

diff --git a/src/or/relay.c b/src/or/relay.c
index 087459c5c0eb00fa8c5ac35dfeefa6e5eeeaca40..fdb4bff709ff32436e97dfd891a7d75d8ed4c852 100644 (file)
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -2548,6 +2548,10 @@ append_cell_to_circuit_queue(circuit_t *circ, or_connection_t *orconn,
     streams_blocked = circ->streams_blocked_on_p_conn;
   }
 
+  /*
+   * Disabling this for now because of a possible guard discovery attack
+   */
+#if 0
   /* Are we a middle circuit about to exceed ORCIRC_MAX_MIDDLE_CELLS? */
   if ((circ->n_conn != NULL) && CIRCUIT_IS_ORCIRC(circ)) {
     orcirc = TO_OR_CIRCUIT(circ);
@@ -2566,6 +2570,7 @@ append_cell_to_circuit_queue(circuit_t *circ, or_connection_t *orconn,
       }
     }
   }
+#endif
 
   cell_queue_append_packed_copy(queue, cell);