tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git

commit ab1f82ea2a3ef9f9bc920885e40e7b477b3dfb93
parent ab1f39322c22c3801ffd3a7e6842352230fff113
Author: Nick Mathewson <nickm@torproject.org>
Date:   Tue, 23 Jul 2019 14:03:30 -0400

Merge branch 'ticket24963_042_02'

Diffstat:
Achanges/ticket24963 | 5+++++
Msrc/feature/hs/hs_intropoint.c | 9+++++++++
Msrc/test/test_hs_intropoint.c | 13++++++++++++-
3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/changes/ticket24963 b/changes/ticket24963
@@ -0,0 +1,5 @@
+ o Minor feature (onion service):
+ - Disallow single hop clients to introduce directly at the introduction
+ point. We've removed Tor2web a while back and rendezvous are blocked at
+ the relays. This is to remove load off the network from spammy clients.
+ Close ticket 24963.
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
@@ -10,6 +10,7 @@
 #include "core/or/or.h"
 #include "app/config/config.h"
+#include "core/or/channel.h"
 #include "core/or/circuitlist.h"
 #include "core/or/circuituse.h"
 #include "core/or/relay.h"
@@ -546,6 +547,14 @@ circuit_is_suitable_for_introduce1(const or_circuit_t *circ)
 return 0;
 }
+ /* Disallow single hop client circuit. */
+ if (circ->p_chan && channel_is_client(circ->p_chan)) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Single hop client was rejected while trying to introduce. "
+ "Closing circuit.");
+ return 0;
+ }
+
 return 1;
 }
diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c
@@ -16,6 +16,7 @@
 #include "lib/crypt_ops/crypto_rand.h"
 #include "core/or/or.h"
+#include "core/or/channel.h"
 #include "core/or/circuitlist.h"
 #include "core/or/circuituse.h"
 #include "ht.h"
@@ -693,6 +694,17 @@ test_introduce1_suitable_circuit(void *arg)
 tt_int_op(ret, OP_EQ, 0);
 }
+ /* Single hop circuit should not be allowed. */
+ {
+ circ = or_circuit_new(0, NULL);
+ circ->p_chan = tor_malloc_zero(sizeof(channel_t));
+ circ->p_chan->is_client = 1;
+ ret = circuit_is_suitable_for_introduce1(circ);
+ tor_free(circ->p_chan);
+ circuit_free_(TO_CIRCUIT(circ));
+ tt_int_op(ret, OP_EQ, 0);
+ }
+
 done:
 ;
 }
@@ -927,4 +939,3 @@ struct testcase_t hs_intropoint_tests[] = {
 END_OF_TESTCASES
 };
-
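Review bot: The new check in circuit_is_suitable_for_introduce1() is skipped whenever `circ->p_chan` is NULL, so a circuit with no previous-hop channel still reaches `return 1`; if that state is only expected in unit tests, the comment should say so. The log text ends with "Closing circuit." but the visible code only returns 0, so the close presumably happens in the caller, which is outside this hunk, as is the start of the function. Once that is confirmed I would expand the comment to something like `/* Disallow single hop client circuit. A NULL p_chan is not treated as a client; the caller closes the circuit when we return 0. */`. The changes entry frames this as load reduction, so if that is the intent the comment could also say that channel_is_client() is used here for load shedding and is not meant as an access-control decision.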
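Review bot: The case added to test_introduce1_suitable_circuit only asserts the rejecting path (`is_client = 1`), so nothing visible in this hunk pins that a circuit whose p_chan is a non-client channel is still accepted; a change that rejected every circuit with a non-NULL p_chan would pass this block. A sibling block with `circ->p_chan->is_client = 0;` and `tt_int_op(ret, OP_EQ, 1);` would cover it, assuming a fresh `or_circuit_new(0, NULL)` circuit is otherwise suitable. The channel is a zeroed channel_t, which works only as long as channel_is_client() reads nothing beyond `is_client`; a one-line comment saying so would help the next reader. The function starts before this hunk, so earlier cases may already cover part of this.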