[or-cvs] r10818: Keep streamids from different exits on a circuit separate. T (in tor/trunk: . src/or)
arma at seul.org
Thu Jul 12 17:09:19 UTC 2007
Author: arma
Date: 2007-07-12 13:09:19 -0400 (Thu, 12 Jul 2007)
New Revision: 10818
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/relay.c
tor/trunk/src/or/routerlist.c
Log:
Keep streamids from different exits on a circuit separate. This
bug may have allowed other routers on a given circuit to inject
cells into streams. Reported by lodger; fixes bug 446. [Bugfix
on 0.1.2.x]
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-07-12 17:00:44 UTC (rev 10817)
+++ tor/trunk/ChangeLog 2007-07-12 17:09:19 UTC (rev 10818)
@@ -81,7 +81,13 @@
- Fix a possible buffer overrun when using BSD natd support. Bug found
by croup.
+ o Security fixes (circuits):
+ - Keep streamids from different exits on a circuit separate. This
+ bug may have allowed other routers on a given circuit to inject
+ cells into streams. Reported by lodger; fixes bug 446. [Bugfix
+ on 0.1.2.x]
+
Changes in version 0.2.0.2-alpha - 2007-06-02
o Major bugfixes on 0.2.0.1-alpha:
- Fix an assertion failure related to servers without extra-info digests.
Modified: tor/trunk/src/or/relay.c
===================================================================
--- tor/trunk/src/or/relay.c 2007-07-12 17:00:44 UTC (rev 10817)
+++ tor/trunk/src/or/relay.c 2007-07-12 17:09:19 UTC (rev 10818)
@@ -18,7 +18,8 @@
static int relay_crypt(circuit_t *circ, cell_t *cell, int cell_direction,
crypt_path_t **layer_hint, char *recognized);
static edge_connection_t *relay_lookup_conn(circuit_t *circ, cell_t *cell,
- int cell_direction);
+ int cell_direction,
+ crypt_path_t *layer_hint);
static int
connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
@@ -164,7 +165,8 @@
}
if (recognized) {
- edge_connection_t *conn = relay_lookup_conn(circ, cell, cell_direction);
+ edge_connection_t *conn = relay_lookup_conn(circ, cell, cell_direction,
+ layer_hint);
if (cell_direction == CELL_DIRECTION_OUT) {
++stats_n_relay_cells_delivered;
log_debug(LD_OR,"Sending away from origin.");
@@ -380,7 +382,8 @@
* attached to circ, return that conn, else return NULL.
*/
static edge_connection_t *
-relay_lookup_conn(circuit_t *circ, cell_t *cell, int cell_direction)
+relay_lookup_conn(circuit_t *circ, cell_t *cell, int cell_direction,
+ crypt_path_t *layer_hint)
{
edge_connection_t *tmpconn;
relay_header_t rh;
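Review bot: The doc comment above relay_lookup_conn() (the lines ending "attached to circ, return that conn, else return NULL.") is not updated for the new layer_hint parameter. Please document that a stream is only returned when its cpath_layer matches layer_hint, and say what callers are expected to pass when there is no hop to compare against.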
@@ -398,7 +401,8 @@
for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
tmpconn=tmpconn->next_stream) {
if (rh.stream_id == tmpconn->stream_id &&
- !tmpconn->_base.marked_for_close) {
+ !tmpconn->_base.marked_for_close &&
+ tmpconn->cpath_layer == layer_hint) {
log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
return tmpconn;
}
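Review bot: In the p_streams loop, a cell whose stream_id matches a live stream but whose layer_hint differs from tmpconn->cpath_layer is now skipped without any trace, and that is the case the log message describes as possible cell injection by another router on the circuit. Consider logging the mismatch (for example at info level) so it is visible when it happens, and add a one-line comment next to `tmpconn->cpath_layer == layer_hint` stating that a stream only accepts cells recognized at its own cpath_layer. Only the origin-circuit loop is visible in this hunk; if relay_lookup_conn() walks other stream lists, the comment should say why they do not need the same check.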
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2007-07-12 17:00:44 UTC (rev 10817)
+++ tor/trunk/src/or/routerlist.c 2007-07-12 17:09:19 UTC (rev 10818)
@@ -1155,7 +1155,7 @@
*
* If <b>for_exit</b>, we're picking an exit node: consider all nodes'
* bandwidth equally regardless of their Exit status. If not <b>for_exit</b>,
- * we're picking a non-exit node: weight exit-node's bandwidth downwards
+ * we're picking a non-exit node: weight exit-node's bandwidth less
* depending on the smallness of the fraction of Exit-to-total bandwidth.
*/
static void *
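Review bot: The comment rewording in routerlist.c is unrelated to the stream-id fix and is not mentioned in the log message. Commit it separately so that the security fix touches only relay.c and ChangeLog and is easier to backport to 0.1.2.x. The new wording, "weight exit-node's bandwidth less depending on the smallness of the fraction", is also still hard to parse; something like "give exit nodes' bandwidth less weight, the smaller the fraction of Exit-to-total bandwidth is" would read more clearly.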