diff --git a/changes/bug5644 b/changes/bug5644
new file mode 100644
index 0000000000..a390eba996
--- /dev/null
+++ b/changes/bug5644
@@ -0,0 +1,5 @@
+  o Major bugfixes
+    - Prevent a client-side assertion failure when receiving an
+      INTRODUCE2 cell by an exit relay, in a general purpose
+      circuit. Fixes bug 5644; bugfix on tor-0.2.1.6-alpha
+
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 30b0d88af6..44e6697018 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1064,6 +1064,13 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   time_t *access_time;
   const or_options_t *options = get_options();
 
+  if (circuit->_base.purpose != CIRCUIT_PURPOSE_S_INTRO) {
+    log_warn(LD_PROTOCOL,
+             "Got an INTRODUCE2 over a non-introduction circuit %d.",
+             circuit->_base.n_circ_id);
+    return -1;
+  }
+
 #ifndef NON_ANONYMOUS_MODE_ENABLED
   tor_assert(!(circuit->build_state->onehop_tunnel));
 #endif
@@ -1074,13 +1081,6 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %d.",
            escaped(serviceid), circuit->_base.n_circ_id);
 
-  if (circuit->_base.purpose != CIRCUIT_PURPOSE_S_INTRO) {
-    log_warn(LD_PROTOCOL,
-             "Got an INTRODUCE2 over a non-introduction circuit %d.",
-             circuit->_base.n_circ_id);
-    return -1;
-  }
-
   /* min key length plus digest length plus nickname length */
   if (request_len < DIGEST_LEN+REND_COOKIE_LEN+(MAX_NICKNAME_LEN+1)+
       DH_KEY_LEN+42) {