14 years ago · 386966142e
--- a/changes/bug2442
+++ b/changes/bug2442
@@ -0,0 +1,8 @@
 
				+  * Minor bugfixes:
			
 
				+
			
 
				+    - Demote the 'replay detected' log message emitted when a hidden
			
 
				+      service receives the same Diffie-Hellman public key in two
			
 
				+      different INTRODUCE2 cells to info level.  A normal Tor client
			
 
				+      can cause that log message during its normal operation.  Bugfix
			
 
				+      on 0.2.1.6-alpha; fixes part of bug 2442.
			
 
				+
			
--- a/changes/bug2442b
+++ b/changes/bug2442b
@@ -0,0 +1,8 @@
 
				+  * Minor bugfixes:
			
 
				+
			
 
				+    - Demote the 'INTRODUCE2 cell is too {old,new}' log message to
			
 
				+      info level.  There is nothing that a hidden service's operator
			
 
				+      can do to fix its clients' clocks.  Bugfix on 0.2.1.6-alpha;
			
 
				+      fixes part of bug 2442.
			
 
				+
			
 
				+
			
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3898,14 +3898,17 @@ typedef struct rend_encoded_v2_service_descriptor_t {
 
				   char *desc_str; /**< Descriptor string. */
			
 
				 } rend_encoded_v2_service_descriptor_t;
			
 
				 
			
 
				-/** Introduction point information. */
			
 
				+/** Introduction point information.  Used both in rend_service_t (on
			
 
				+ * the service side) and in rend_service_descriptor_t (on both the
			
 
				+ * client and service side). */
			
 
				 typedef struct rend_intro_point_t {
			
 
				   extend_info_t *extend_info; /**< Extend info of this introduction point. */
			
 
				   crypto_pk_env_t *intro_key; /**< Introduction key that replaces the service
			
 
				                                * key, if this descriptor is V2. */
			
 
				 } rend_intro_point_t;
			
 
				 
			
 
				-/** Information used to connect to a hidden service. */
			
 
				+/** Information used to connect to a hidden service.  Used on both the
			
 
				+ * service side and the client side. */
			
 
				 typedef struct rend_service_descriptor_t {
			
 
				   crypto_pk_env_t *pk; /**< This service's public key. */
			
 
				   int version; /**< Version of the descriptor format: 0 or 2. */
			
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1021,7 +1021,9 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
 
				     v3_shift += 4;
			
 
				     if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
			
 
				         (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
			
 
				-      log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
			
 
				+      /* This is far more likely to mean that a client's clock is
			
 
				+       * skewed than that a replay attack is in progress. */
			
 
				+      log_info(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
			
 
				                (now - ts) < 0 ? "old" : "new");
			
 
				       return -1;
			
 
				     }
			
@@ -1125,7 +1127,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
 
				    * part 1. */
			
 
				   access_time = digestmap_get(service->accepted_intros, diffie_hellman_hash);
			
 
				   if (access_time != NULL) {
			
 
				-    log_warn(LD_REND, "Possible replay detected! We received an "
			
 
				+    /* A Tor client will send a new INTRODUCE1 cell with the same rend
			
 
				+     * cookie and DH public key as its previous one if its intro circ
			
 
				+     * times out while in state CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT .
			
 
				+     * If we received the first INTRODUCE1 cell (the intro-point relay
			
 
				+     * converts it into an INTRODUCE2 cell), we are already trying to
			
 
				+     * connect to that rend point (and may have already succeeded);
			
 
				+     * drop this cell. */
			
 
				+    log_info(LD_REND, "We received an "
			
 
				              "INTRODUCE2 cell with same first part of "
			
 
				              "Diffie-Hellman handshake %d seconds ago. Dropping "
			
 
				              "cell.",