diff --git a/changes/bug26072 b/changes/bug26072 new file mode 100644 index 0000000000..2489e4fbb5 --- /dev/null +++ b/changes/bug26072 @@ -0,0 +1,5 @@ + o Minor bugfixes (correctness, client): + - Upon receiving a malformed connected cell, stop processing the cell + immediately. Previously we would mark the connection for close, but + continue processing the cell as if the connection were open. Fixes bug + 26072; bugfix on 0.2.4.7-alpha. diff --git a/src/or/relay.c b/src/or/relay.c index add5a04190..15aa5557b4 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1308,6 +1308,7 @@ connection_edge_process_relay_cell_not_open( "Got a badly formatted connected cell. Closing."); connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL); connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL); + return 0; } if (tor_addr_family(&addr) != AF_UNSPEC) { const sa_family_t family = tor_addr_family(&addr);