Merge branch 'maint-0.2.3'

changes/bug6252

@@ -1,8 +0,0 @@
-  o Security fixes:
-    - Tear down the circuit if we get an unexpected SENDME cell. Clients
-      could use this trick to make their circuits receive cells faster
-      than our flow control would have allowed, or to gum up the network,
-      or possibly to do targeted memory denial-of-service attacks on
-      entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
-      from July 2002, before the release of Tor 0.0.0.
-

src/or/relay.c

@@ -1265,25 +1265,11 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
     case RELAY_COMMAND_SENDME:
       if (!conn) {
         if (layer_hint) {
-          if (layer_hint->package_window + CIRCWINDOW_INCREMENT >
-                CIRCWINDOW_START_MAX) {
-            log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-                   "Bug/attack: unexpected sendme cell from exit relay. "
-                   "Closing circ.");
-            return -END_CIRC_REASON_TORPROTOCOL;
-          }
           layer_hint->package_window += CIRCWINDOW_INCREMENT;
           log_debug(LD_APP,"circ-level sendme at origin, packagewindow %d.",
                     layer_hint->package_window);
           circuit_resume_edge_reading(circ, layer_hint);
         } else {
-          if (circ->package_window + CIRCWINDOW_INCREMENT >
-                CIRCWINDOW_START_MAX) {
-            log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-                   "Bug/attack: unexpected sendme cell from client. "
-                   "Closing circ.");
-            return -END_CIRC_REASON_TORPROTOCOL;
-          }
           circ->package_window += CIRCWINDOW_INCREMENT;
           log_debug(LD_APP,
                     "circ-level sendme at non-origin, packagewindow %d.",