tor

The Tor anonymity network
git clone https://git.dasho.dev/tor.git
Log | Files | Refs | README | LICENSE
commit b38630ca56d1a8f9179b4d718f1e7fb0d0681560
parent 5d6e0b8e13a443eb67bee4a4748cc1631073a59c
Author: David Goulet <dgoulet@torproject.org>
Date:   Wed, 11 Jan 2023 09:03:29 -0500

Merge branch 'maint-0.4.7'

Diffstat:

Achanges/bug40563 | 8++++++++


Msrc/core/or/connection_or.c | 16++++++++++------


2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/changes/bug40563 b/changes/bug40563
@@ -0,0 +1,8 @@
+  o Major bugfixes (relay):
+    - When opening a channel because of a circuit request that did not
+      include an Ed25519 identity, record the Ed25519 identity that we
+      actually received, so that we can use the channel for other circuit
+      requests that _do_ list an Ed25519 identity.
+      (Previously we had code to record this identity, but a logic bug
+      caused it to be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha.
+      Patch from "cypherpunks".
diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c
@@ -179,13 +179,18 @@ connection_or_set_identity_digest(or_connection_t *conn,
   const int rsa_id_was_set = ! tor_digest_is_zero(conn->identity_digest);
   const int ed_id_was_set =
     chan && !ed25519_public_key_is_zero(&chan->ed25519_identity);
+  const int new_ed_id_is_set =
+    (ed_id && !ed25519_public_key_is_zero(ed_id));
   const int rsa_changed =
     tor_memneq(conn->identity_digest, rsa_digest, DIGEST_LEN);
-  const int ed_changed = ed_id_was_set &&
-    (!ed_id || !ed25519_pubkey_eq(ed_id, &chan->ed25519_identity));
+  const int ed_changed = bool_neq(ed_id_was_set, new_ed_id_is_set) ||
+    (ed_id_was_set && new_ed_id_is_set && chan &&
+     !ed25519_pubkey_eq(ed_id, &chan->ed25519_identity));
 
-  tor_assert(!rsa_changed || !rsa_id_was_set);
-  tor_assert(!ed_changed || !ed_id_was_set);
+  if (BUG(rsa_changed && rsa_id_was_set))
+    return;
+  if (BUG(ed_changed && ed_id_was_set))
+    return;
 
   if (!rsa_changed && !ed_changed)
     return;
@@ -200,8 +205,7 @@ connection_or_set_identity_digest(or_connection_t *conn,
   memcpy(conn->identity_digest, rsa_digest, DIGEST_LEN);
 
   /* If we're initializing the IDs to zero, don't add a mapping yet. */
-  if (tor_digest_is_zero(rsa_digest) &&
-      (!ed_id || ed25519_public_key_is_zero(ed_id)))
+  if (tor_digest_is_zero(rsa_digest) && !new_ed_id_is_set)
     return;
 
   /* Deal with channels */