tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git

commit 3867ca4925a2e99b7bcc4526ccf4cfe602bef3bf
parent 985717675cf2c613ca88bae694695c5ee7db05d4
Author: David Goulet <dgoulet@torproject.org>
Date:   Thu, 24 Oct 2019 11:25:05 -0400

dir: Return 503 code when rejecting single hop request

Single hop rejection (POST and GET) for HS v3 descriptor now returns a 503 code,
which is a more accurate code from dir-spec.txt and from other rejection cases in
the code.

For instance if you are not a relay and you get a POST request, a 503 code is
sent back with a rejection message.

Part of #31958

Signed-off-by: David Goulet <dgoulet@torproject.org>

Diffstat:
M src/feature/dircache/dircache.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c @@ -1393,7 +1393,8 @@ handle_get_hs_descriptor_v3(dir_connection_t *conn, /* Reject non anonymous dir connections (which also tests if encrypted). We * do not allow single hop clients to query an HSDir. */ if (!connection_dir_is_anonymous(conn)) { - write_short_http_response(conn, 404, "Not found"); + write_short_http_response(conn, 503, + "Rejecting single hop HS v3 descriptor request"); goto done; } @@ -1636,7 +1637,12 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers, /* Handle HS descriptor publish request. We force an anonymous connection * (which also tests for encrypted). We do not allow single-hop client to * post a descriptor onto an HSDir. */ - if (connection_dir_is_anonymous(conn) && !strcmpstart(url, "/tor/hs/")) { + if (!strcmpstart(url, "/tor/hs/")) { + if (!connection_dir_is_anonymous(conn)) { + write_short_http_response(conn, 503, + "Rejecting single hop HS descriptor post"); + goto done; + } const char *msg = "HS descriptor stored successfully."; /* We most probably have a publish request for an HS descriptor. */
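
Review bot: in handle_get_hs_descriptor_v3(), the non-anonymous branch now answers 503 with an explicit reason where it used to answer 404 "Not found", so a single-hop client can tell a policy rejection apart from a missing descriptor. That matches the stated intent, but the comment above the check still only says the connection is rejected; suggest naming the status code and the dir-spec.txt rule there so the choice of 503 over 404 is not reverted later. The diffstat shows only dircache.c changing, so a test asserting the 503 on a non-anonymous GET would be worth adding alongside.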
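
Review bot: in directory_handle_command_post(), moving connection_dir_is_anonymous() inside the "/tor/hs/" prefix check changes control flow for single-hop POSTs: they used to skip this block and fall through to whatever follows it, and now they stop at "goto done" with a 503. Please confirm no later handler was expected to see those requests. The reason string here says "HS descriptor post" while the GET path says "HS v3 descriptor request"; since the match is on the "/tor/hs/" prefix that may be deliberate, but a short comment saying so, or matching wording, would help anyone searching for both rejection strings.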