From d13389b30ec2e17a8f08a00f82fac420ae968cd1 Mon Sep 17 00:00:00 2001
From: Roger Dingledine <arma@torproject.org>
Date: Sun, 1 Jul 2012 17:36:35 -0400
Subject: [PATCH] Revert "Detect bug 6252 (unexpected sendme cell)"

This reverts commit c32ec9c425e9539bcc8ede95612e2d331c2cc2dd.

It turns out the two sides of the circuit don't actually stay in sync,
so it is perfectly normal for the circuit window on the exit relay to
grow to 2000+. We should fix that bug and then reconsider this patch.
---
 changes/bug6252 |  8 --------
 src/or/relay.c  | 14 --------------
 2 files changed, 22 deletions(-)
 delete mode 100644 changes/bug6252

diff --git a/changes/bug6252 b/changes/bug6252
deleted file mode 100644
index 0d29203fab..0000000000
--- a/changes/bug6252
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Security fixes:
-    - Tear down the circuit if we get an unexpected SENDME cell. Clients
-      could use this trick to make their circuits receive cells faster
-      than our flow control would have allowed, or to gum up the network,
-      or possibly to do targeted memory denial-of-service attacks on
-      entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
-      from July 2002, before the release of Tor 0.0.0.
-
diff --git a/src/or/relay.c b/src/or/relay.c
index 4ab440384f..3f894bfe1f 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -1265,25 +1265,11 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
     case RELAY_COMMAND_SENDME:
       if (!conn) {
         if (layer_hint) {
-          if (layer_hint->package_window + CIRCWINDOW_INCREMENT >
-                CIRCWINDOW_START_MAX) {
-            log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-                   "Bug/attack: unexpected sendme cell from exit relay. "
-                   "Closing circ.");
-            return -END_CIRC_REASON_TORPROTOCOL;
-          }
           layer_hint->package_window += CIRCWINDOW_INCREMENT;
           log_debug(LD_APP,"circ-level sendme at origin, packagewindow %d.",
                     layer_hint->package_window);
           circuit_resume_edge_reading(circ, layer_hint);
         } else {
-          if (circ->package_window + CIRCWINDOW_INCREMENT >
-                CIRCWINDOW_START_MAX) {
-            log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-                   "Bug/attack: unexpected sendme cell from client. "
-                   "Closing circ.");
-            return -END_CIRC_REASON_TORPROTOCOL;
-          }
           circ->package_window += CIRCWINDOW_INCREMENT;
           log_debug(LD_APP,
                     "circ-level sendme at non-origin, packagewindow %d.",