Merge remote-tracking branch 'public/bug9546_023_v2' into maint-0.2.3

This commit is contained in:
Nick Mathewson 2013-08-25 00:32:27 -04:00
commit 8611195a00
4 changed files with 34 additions and 3 deletions

11
changes/bug9546 Normal file
View File

@ -0,0 +1,11 @@
o Major bugfixes:
- When a relay is extending a circuit to a bridge, it needs to send a
NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE
cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
- Bridges send AUTH_CHALLENGE cells during their handshakes; previously
they did not, which prevented relays from successfully connecting
to a bridge for self-test or bandwidth testing. Fixes bug 9546;
bugfix on 0.2.3.6-alpha.

View File

@ -755,8 +755,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
const int send_versions = !started_here;
/* If we want to authenticate, send a CERTS cell */
const int send_certs = !started_here || public_server_mode(get_options());
/* If we're a relay that got a connection, ask for authentication. */
const int send_chall = !started_here && public_server_mode(get_options());
/* If we're a host that got a connection, ask for authentication. */
const int send_chall = !started_here;
/* If our certs cell will authenticate us, we can send a netinfo cell
* right now. */
const int send_netinfo = !started_here;
@ -941,6 +941,16 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
* trustworthy. */
(void)my_apparent_addr;
if (! conn->handshake_state->sent_netinfo) {
/* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE
* cell, then we would not previously have sent a NETINFO cell. Do so
* now. */
if (connection_or_send_netinfo(conn) < 0) {
connection_mark_for_close(TO_CONN(conn));
return;
}
}
if (connection_or_set_state_open(conn)<0) {
log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got good NETINFO cell from %s:%d; but "
"was unable to make the OR connection become open.",

View File

@ -1975,6 +1975,12 @@ connection_or_send_netinfo(or_connection_t *conn)
tor_assert(conn->handshake_state);
if (conn->handshake_state->sent_netinfo) {
log_warn(LD_BUG, "Attempted to send an extra netinfo cell on a connection "
"where we already sent one.");
return 0;
}
memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_NETINFO;
@ -2009,6 +2015,7 @@ connection_or_send_netinfo(or_connection_t *conn)
}
conn->handshake_state->digest_sent_data = 0;
conn->handshake_state->sent_netinfo = 1;
connection_or_write_cell_to_buf(&cell, conn);
return 0;
@ -2137,7 +2144,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
const tor_cert_t *id_cert=NULL, *link_cert=NULL;
const digests_t *my_digests, *their_digests;
const uint8_t *my_id, *their_id, *client_id, *server_id;
if (tor_tls_get_my_certs(0, &link_cert, &id_cert))
if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
return -1;
my_digests = tor_cert_get_id_digests(id_cert);
their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert);

View File

@ -1161,6 +1161,9 @@ typedef struct or_handshake_state_t {
/* True iff we've received valid authentication to some identity. */
unsigned int authenticated : 1;
/* True iff we have sent a netinfo cell */
unsigned int sent_netinfo : 1;
/** True iff we should feed outgoing cells into digest_sent and
* digest_received respectively.
*