Tags on relay cells can result in certain reason codes.
authorMike Perry <mikeperry-git@fscked.org>
Wed, 12 Dec 2012 01:49:12 +0000 (17:49 -0800)
committerMike Perry <mikeperry-git@fscked.org>
Wed, 12 Dec 2012 01:49:12 +0000 (17:49 -0800)
Close the circuit (it's probably junk anyways), and make sure we don't probe
it/count it as a success.

src/or/circuitbuild.c
src/or/or.h
src/or/relay.c

index 3e2568cb132734b496aaedfd83ffb6d56927dc2d..f93b04f579cf4a3ca9893800012d575c60588c1e 100644 (file)
@@ -1140,6 +1140,8 @@ pathbias_state_to_string(path_state_t state)
       return "build succeeded";
     case PATH_STATE_USE_SUCCEEDED:
       return "use succeeded";
+    case PATH_STATE_USE_FAILED:
+      return "use failed";
   }
 
   return "unknown";
index aaf817d450209c4a3be17b3ec28301945e469322..ccc20b94d7447d8e7097a67cafcb85a6ef6d7845 100644 (file)
@@ -2779,6 +2779,12 @@ typedef enum {
       * just tag at a later point.
       */
     PATH_STATE_USE_SUCCEEDED = 3,
+
+    /**
+     * This is a special state to indicate that we got a corrupted
+     * relay cell on a circuit and we don't intend to probe it.
+     */
+    PATH_STATE_USE_FAILED = 4,
 } path_state_t;
 
 /** An origin_circuit_t holds data necessary to build and use a circuit.
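Review bot: The doc comment on `PATH_STATE_USE_FAILED` says the client "got a corrupted relay cell", but the relay.c hunk of this commit sets the state when a stream END arrives with one of three reason codes, which is indirect evidence reported by the exit rather than a local integrity check. I would reword it along the lines of `/** We received a stream END whose reason code suggests a cell on this circuit was corrupted (possibly tagged); do not probe the circuit or count it as a successful use. */`. The start of the enum is outside the hunk.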
@@ -2816,7 +2822,7 @@ typedef struct origin_circuit_t {
 
   /** Kludge to help us prevent the warn in bug #6475 and eventually
    * debug why we are not seeing first hops in some cases. */
-  path_state_t path_state : 2;
+  path_state_t path_state : 3;
 
   /** Set iff this is a hidden-service circuit which has timed out
    * according to our current circuit-build timeout, but which has
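Review bot: `path_state_t path_state : 3;` now has to hold the value 4 in an enum-typed bit-field, and whether such a bit-field is signed is implementation-defined. On a compiler that treats it as signed, a 3-bit field cannot represent 4, so a later comparison against `PATH_STATE_USE_FAILED` would presumably never match and the circuit would not be treated as failed. Declaring the field as `unsigned int path_state : 3;` removes that dependency on compiler behaviour. The comment above the field still describes it only as a kludge for bug #6475, although it now carries the path-bias use state, so it is worth updating in the same change. The struct begins and ends outside the hunk.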
index fd8f8579a7e8be2682632348147f7572d6680287..b4b77007cd32b673c0dec08766d19c75cff96ca8 100644 (file)
@@ -694,13 +694,23 @@ connection_ap_process_end_not_open(
   (void) layer_hint; /* unused */
 
   if (rh->length > 0) {
-    /* Path bias: If we get a valid reason code from the exit,
-     * it wasn't due to tagging */
-    // XXX: This relies on recognized+digest being strong enough not
-    // to be spoofable.. Is that a valid assumption?
-    // Or more accurately: is it better than nothing? Can the attack
-    // be done offline?
-    circ->path_state = PATH_STATE_USE_SUCCEEDED;
+    if (reason == END_STREAM_REASON_TORPROTOCOL ||
+        reason == END_STREAM_REASON_INTERNAL ||
+        reason == END_STREAM_REASON_DESTROY) {
+      /* All three of these reasons could mean a failed tag
+       * hit the exit and it shat itself. Do not probe.
+       * Fail the circuit. */
+      circ->path_state = PATH_STATE_USE_FAILED;
+      return -END_CIRC_REASON_TORPROTOCOL;
+    } else {
+      /* Path bias: If we get a valid reason code from the exit,
+       * it wasn't due to tagging */
+      // XXX: This relies on recognized+digest being strong enough not
+      // to be spoofable.. Is that a valid assumption?
+      // Or more accurately: is it better than nothing? Can the attack
+      // be done offline?
+      circ->path_state = PATH_STATE_USE_SUCCEEDED;
+    }
   }
 
   if (rh->length > 0 && edge_reason_is_retriable(reason) &&
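Review bot: The new early `return -END_CIRC_REASON_TORPROTOCOL;` fails the circuit without logging anything, so someone investigating path-bias counts cannot tell a suspected-tagging failure from any other protocol error. A line such as `log_info(LD_APP, "END cell with reason %d; treating circuit as possibly tagged and not probing it.", reason);` before the return would make the decision traceable. The three reason codes can presumably also come from an honest exit with an unrelated fault, so the comment could state that failing the circuit is a conservative choice rather than proof of tagging. How `reason` is read from the cell and what the caller does with the negative return are outside the hunk.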