Patch from lark: drop BEGIN cells from a rendevous circuit if they do not originate from the end of the circuit.

svn:r18667
2024-11-27 22:03:31 +01:00 · 2009-02-21 19:07:01 +00:00 · 2009-02-21 19:07:01 +00:00 · 192b701fac
commit 192b701fac
parent 1b6688786c
2 changed files with 9 additions and 0 deletions
--- a/2
+++ b/2
@ -28,6 +28,8 @@ Changes in version 0.2.1.13-????? - 2009-02-??
      stream never finished making its connection, it would live
      forever in circuit_wait state. Now we close it after SocksTimeout
      seconds. Bugfix on 0.1.2.7-alpha; reported by Mike Perry.
+    - Drop begin cells to a hidden service if they come from the middle of a
+      circuit.  Patch from lark.

  o Minor features:
    - On Linux, use the prctl call to re-enable core dumps when the user
--- a/src/or/relay.c
+++ b/src/or/relay.c
@ -1019,6 +1019,13 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
               "Relay begin request unsupported at AP. Dropping.");
        return 0;
      }
+      if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED &&
+          layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
+        log_fn(LOG_PROTOCOL_WARN, LD_APP,
+               "Relay begin request to Hidden Service "
+               "from intermediary node. Dropping.");
+        return 0;
+      }
      if (conn) {
        log_fn(LOG_PROTOCOL_WARN, domain,
               "Begin cell for known stream. Dropping.");