commit d1e4ffc710fd6620614d4f7f20f6ed5d1c266ae4
parent 033e4723f3651062779ff64a619ec526950857f5
Author: Nick Mathewson <nickm@torproject.org>
Date: Wed, 16 May 2018 12:11:40 -0400
Merge branch 'bug26072_029' into maint-0.2.9
Diffstat:
2 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/changes/bug26072 b/changes/bug26072
@@ -0,0 +1,5 @@
+ o Minor bugfixes (correctness, client):
+ - Upon receiving a malformed connected cell, stop processing the cell
+ immediately. Previously we would mark the connection for close, but
+ continue processing the cell as if the connection were open. Fixes bug
+ 26072; bugfix on 0.2.4.7-alpha.
diff --git a/src/or/relay.c b/src/or/relay.c
@@ -1323,6 +1323,7 @@ connection_edge_process_relay_cell_not_open(
"Got a badly formatted connected cell. Closing.");
connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
+ return 0;
}
if (tor_addr_family(&addr) != AF_UNSPEC) {
const sa_family_t family = tor_addr_family(&addr);
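Review bot: The added `return 0;` in the "badly formatted connected cell" branch has no comment saying why the early exit is required or why it returns 0 rather than a negative value. Before this line, execution fell through to `tor_addr_family(&addr)` just below. That used `addr` after what the log message indicates was a failed parse, on a stream already ended and marked unattached. A short comment above the return would help, for example `/* Stream is already ended and marked; addr/ttl are not trustworthy after a failed parse. */`. If the caller treats a negative return as a reason to tear down the whole circuit (not visible in this hunk), it is also worth stating that 0 deliberately closes only the stream. The body of connection_edge_process_relay_cell_not_open starts and ends outside the hunk, and the commit adds no regression test feeding a malformed connected cell through this path.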