
Merge remote-tracking branch 'rransom-tor/bug3332-v2'

Nick Mathewson 14 years ago
parent
commit
a857f61e27
4 changed files with 33 additions and 0 deletions
  1. 9 0
      changes/bug3332
  2. 17 0
      src/or/directory.c
  3. 4 0
      src/or/rendclient.c
  4. 3 0
      src/or/rendservice.c

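--- a/changes/bug3332
+++ b/changes/bug3332
@@ -0,0 +1,9 @@
+  o Minor bugfixes:
+    - Assert that hidden-service-related operations are not performed
+      using single-hop circuits.  Previously, Tor would assert that
+      client-side streams are not attached to single-hop circuits, but
+      not that other sensitive operations on the client and service
+      side are not performed using single-hop circuits.  Fixes bug
+      3332; bugfix on 0.0.6.
+
+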

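--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -858,6 +858,20 @@ directory_initiate_command(const char *address, const tor_addr_t *_addr,
                              if_modified_since, NULL);
 }
 
+/** Return non-zero iff a directory connection with purpose
+ * <b>dir_purpose</b> reveals sensitive information about a Tor
+ * instance's client activities.  (Such connections must be performed
+ * through normal three-hop Tor circuits.) */
+static int
+is_sensitive_dir_purpose(uint8_t dir_purpose)
+{
+  return ((dir_purpose == DIR_PURPOSE_FETCH_RENDDESC) ||
+          (dir_purpose == DIR_PURPOSE_HAS_FETCHED_RENDDESC) ||
+          (dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC) ||
+          (dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2) ||
+          (dir_purpose == DIR_PURPOSE_FETCH_RENDDESC_V2));
+}
+
 /** Same as directory_initiate_command(), but accepts rendezvous data to
  * fetch a hidden service descriptor. */
 static void
@@ -892,6 +906,9 @@ directory_initiate_command_rend(const char *address, const tor_addr_t *_addr,
 
   log_debug(LD_DIR, "Initiating %s", dir_conn_purpose_to_string(dir_purpose));
 
+  tor_assert(!(is_sensitive_dir_purpose(dir_purpose) &&
+               !anonymized_connection));
+
   /* ensure that we don't make direct connections when a SOCKS server is
    * configured. */
   if (!anonymized_connection && !use_begindir && !options->HTTPProxy &&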
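Review bot: The doc comment on `is_sensitive_dir_purpose()` says these purposes reveal a Tor instance's client activities, but the list also contains `DIR_PURPOSE_UPLOAD_RENDDESC` and `DIR_PURPOSE_UPLOAD_RENDDESC_V2`, which by their names are service-side uploads; the comment should read something like `reveals sensitive information about a Tor instance's client or hidden-service activities`. Because the predicate is a hand-maintained list, a rendezvous-related purpose added later is not covered by the new assert unless it is also added here, so a line such as `/* Keep in sync with the DIR_PURPOSE_*RENDDESC* values. */` above the `return` would help. The assert in `directory_initiate_command_rend()` (whose body starts and ends outside the hunk) reads more directly as `tor_assert(anonymized_connection || !is_sensitive_dir_purpose(dir_purpose));`. It tests the caller-supplied `anonymized_connection` flag, so it presumably catches a wrong request rather than verifying the circuit that ends up carrying it.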

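--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -145,6 +145,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   tor_assert(rendcirc->rend_data);
   tor_assert(!rend_cmp_service_ids(introcirc->rend_data->onion_address,
                                    rendcirc->rend_data->onion_address));
+  tor_assert(!(introcirc->build_state->onehop_tunnel));
+  tor_assert(!(rendcirc->build_state->onehop_tunnel));
 
   if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1,
                               &entry) < 1) {
@@ -335,6 +337,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
   }
 
   tor_assert(circ->build_state->chosen_exit);
+  tor_assert(!(circ->build_state->onehop_tunnel));
   tor_assert(circ->rend_data);
 
   if (request_len == 0) {
@@ -346,6 +349,7 @@ rend_client_introduction_acked(origin_circuit_t *circ,
     rendcirc = circuit_get_by_rend_query_and_purpose(
                circ->rend_data->onion_address, CIRCUIT_PURPOSE_C_REND_READY);
     if (rendcirc) { /* remember the ack */
+      tor_assert(!(rendcirc->build_state->onehop_tunnel));
       rendcirc->_base.purpose = CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED;
       /* Set timestamp_dirty, because circuit_expire_building expects
        * it to specify when a circuit entered the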
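Review bot: The new asserts dereference `build_state` without first asserting that it is non-NULL: `introcirc->build_state` and `rendcirc->build_state` in `rend_client_send_introduction()`, and `rendcirc->build_state` inside the `if (rendcirc)` branch of `rend_client_introduction_acked()`. The `rend_service_rendezvous_has_opened()` hunk in src/or/rendservice.c does have `tor_assert(circuit->build_state);` on the line before, but its `rend_service_introduce()` and `rend_service_intro_has_opened()` hunks show the same gap. Origin circuits presumably always carry a build state, yet a preceding `tor_assert(introcirc->build_state);` (and likewise for the others) would turn a broken invariant into a logged assertion instead of a NULL dereference. All of these functions begin and end outside their hunks, so an earlier check may already exist there.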

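--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -905,6 +905,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   time_t *access_time;
   const or_options_t *options = get_options();
 
+  tor_assert(!(circuit->build_state->onehop_tunnel));
   tor_assert(circuit->rend_data);
 
   base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
@@ -1359,6 +1360,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
   crypto_pk_env_t *intro_key;
 
   tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
+  tor_assert(!(circuit->build_state->onehop_tunnel));
   tor_assert(circuit->cpath);
   tor_assert(circuit->rend_data);
 
@@ -1501,6 +1503,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
   tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND);
   tor_assert(circuit->cpath);
   tor_assert(circuit->build_state);
+  tor_assert(!(circuit->build_state->onehop_tunnel));
   tor_assert(circuit->rend_data);
   hop = circuit->build_state->pending_final_cpath;
   tor_assert(hop);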
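Review bot: None of the three added `tor_assert(!(circuit->build_state->onehop_tunnel));` lines says why the condition is fatal, and they sit among routine pointer checks where a later cleanup could mistake them for one. A short comment on each, e.g. `/* Hidden-service operations must never run over a one-hop circuit (bug 3332). */`, would record that this is an anonymity invariant and that aborting the process is the intended fail-closed behaviour. The enclosing functions start and end outside the hunks.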