Merge branch 'maint-0.2.8' into release-0.2.8

This commit is contained in:
Nick Mathewson 2017-06-08 09:21:15 -04:00
commit 3ce02372d6
2 changed files with 9 additions and 1 deletions

7
changes/trove-2017-005 Normal file
View File

@ -0,0 +1,7 @@
o Major bugfixes (hidden service, relay, security):
- Fix an assertion failure caused by receiving a BEGIN_DIR cell on
a hidden service rendezvous circuit. Fixes bug 22494, tracked as
TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found
by armadev.

View File

@ -1499,7 +1499,8 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
"Begin cell for known stream. Dropping."); "Begin cell for known stream. Dropping.");
return 0; return 0;
} }
if (rh.command == RELAY_COMMAND_BEGIN_DIR) { if (rh.command == RELAY_COMMAND_BEGIN_DIR &&
circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
/* Assign this circuit and its app-ward OR connection a unique ID, /* Assign this circuit and its app-ward OR connection a unique ID,
* so that we can measure download times. The local edge and dir * so that we can measure download times. The local edge and dir
* connection will be assigned the same ID when they are created * connection will be assigned the same ID when they are created