Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Revert "Detect bug 6252 (unexpected sendme cell)"

This reverts commit c32ec9c425e9539bcc8ede95612e2d331c2cc2dd.

It turns out the two sides of the circuit don't actually stay in sync,
so it is perfectly normal for the circuit window on the exit relay to
grow to 2000+. We should fix that bug and then reconsider this patch.
Roger Dingledine 12 years ago
parent
c32ec9c425
commit
d13389b30e
2 changed files with 0 additions and 22 deletions
Split View Show Diff Stats
  1. 0 8
      changes/bug6252
  2. 0 14
      src/or/relay.c

+ 0 - 8
changes/bug6252
View File 

@@ -1,8 +0,0 @@
 
-  o Security fixes:
 
-    - Tear down the circuit if we get an unexpected SENDME cell. Clients
 
-      could use this trick to make their circuits receive cells faster
 
-      than our flow control would have allowed, or to gum up the network,
 
-      or possibly to do targeted memory denial-of-service attacks on
 
-      entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
 
-      from July 2002, before the release of Tor 0.0.0.
 
-

+ 0 - 14
src/or/relay.c
View File 

@@ -1265,25 +1265,11 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
 
     case RELAY_COMMAND_SENDME:
 
       if (!conn) {
 
         if (layer_hint) {
 
-          if (layer_hint->package_window + CIRCWINDOW_INCREMENT >
 
-                CIRCWINDOW_START_MAX) {
 
-            log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 
-                   "Bug/attack: unexpected sendme cell from exit relay. "
 
-                   "Closing circ.");
 
-            return -END_CIRC_REASON_TORPROTOCOL;
 
-          }
 
           layer_hint->package_window += CIRCWINDOW_INCREMENT;
 
           log_debug(LD_APP,"circ-level sendme at origin, packagewindow %d.",
 
                     layer_hint->package_window);
 
           circuit_resume_edge_reading(circ, layer_hint);
 
         } else {
 
-          if (circ->package_window + CIRCWINDOW_INCREMENT >
 
-                CIRCWINDOW_START_MAX) {
 
-            log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 
-                   "Bug/attack: unexpected sendme cell from client. "
 
-                   "Closing circ.");
 
-            return -END_CIRC_REASON_TORPROTOCOL;
 
-          }
 
           circ->package_window += CIRCWINDOW_INCREMENT;
 
           log_debug(LD_APP,
 
                     "circ-level sendme at non-origin, packagewindow %d.",