[tor-commits] [tor/master] Don't serve or accept v2 HS descs over a DirPort
nickm at torproject.org
nickm at torproject.org
Fri Oct 19 07:06:27 UTC 2012
commit d3bfdd6108d084c77f60b16319f6ef24ac447373
Author: Robert Ransom <rransom.8774 at gmail.com>
Date: Tue Sep 11 13:00:05 2012 -0700
Don't serve or accept v2 HS descs over a DirPort
(changes file tweaked by nickm)
---
changes/dirserv-BUGGY-a | 7 +++++++
src/or/directory.c | 2 ++
2 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
new file mode 100644
index 0000000..35b492a
--- /dev/null
+++ b/changes/dirserv-BUGGY-a
@@ -0,0 +1,7 @@
+ o Minor bugfixes:
+
+ - Don't serve or accept v2 hidden service descriptors over a
+ relay's DirPort. It's never correct to do so, and disabling it
+ might make it more annoying to exploit any bugs that turn up in the
+ descriptor-parsing code. Fixes bug 7149.
+
diff --git a/src/or/directory.c b/src/or/directory.c
index f1510b9..f235bf3 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -3178,6 +3178,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
}
if (options->HidServDirectoryV2 &&
+ connection_dir_is_encrypted(conn) &&
!strcmpstart(url,"/tor/rendezvous2/")) {
/* Handle v2 rendezvous descriptor fetch request. */
const char *descp;
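Review bot: The added `connection_dir_is_encrypted(conn) &&` term in the `/tor/rendezvous2/` fetch condition has no comment saying why unencrypted connections are excluded, and the same is true of the identical term in the `/tor/rendezvous2/publish` condition of directory_handle_command_post in the next hunk. The rationale currently lives only in the changes file; I would state it next to each check, e.g. `/* v2 HS descriptors must never be served or accepted over a plain (unencrypted) DirPort connection. */`. Because the test sits inside the `if` condition, a plain-DirPort request simply fails to match and falls through to code outside both hunks, so it is worth confirming that this path ends in an explicit error response and that the publish body never reaches `rend_cache_store_v2_desc_as_dir()` by another route. Both enclosing functions start and end outside the hunks.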
@@ -3364,6 +3365,7 @@ directory_handle_command_post(dir_connection_t *conn, const char *headers,
/* Handle v2 rendezvous service publish request. */
if (options->HidServDirectoryV2 &&
+ connection_dir_is_encrypted(conn) &&
!strcmpstart(url,"/tor/rendezvous2/publish")) {
switch (rend_cache_store_v2_desc_as_dir(body)) {
case -2: