From 77bf932c83a1a8b1cf627a66656f40dea715d75e Mon Sep 17 00:00:00 2001 From: Mike Perry Date: Wed, 23 Feb 2022 00:23:23 +0000 Subject: [PATCH 1/2] Properly initialize the cc_enabled field in hs intro data. --- src/feature/hs/hs_circuit.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c index 271bf652e7..f8a0e06d90 100644 --- a/src/feature/hs/hs_circuit.c +++ b/src/feature/hs/hs_circuit.c @@ -996,6 +996,7 @@ hs_circ_handle_introduce2(const hs_service_t *service, data.payload_len = payload_len; data.link_specifiers = smartlist_new(); data.replay_cache = ip->replay_cache; + data.cc_enabled = 0; if (get_subcredential_for_handling_intro2_cell(service, &data, subcredential)) { From 2d0377be75b158dde3a91b55d248fee4fe381452 Mon Sep 17 00:00:00 2001 From: Mike Perry Date: Wed, 23 Feb 2022 00:42:31 +0000 Subject: [PATCH 2/2] Reject intro2 cells that request unadvertized congestion control. --- src/feature/hs/hs_cell.c | 6 ++++++ src/test/test_hs_service.c | 1 + 2 files changed, 7 insertions(+) diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index b7ab68f7c4..490f05e54f 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -952,6 +952,12 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, } } + /* If the client asked for congestion control, but we don't support it, + * that's a failure. It should not have asked, based on our descriptor. */ + if (data->cc_enabled && !congestion_control_enabled()) { + goto done; + } + /* Success. */ ret = 0; log_info(LD_REND, "Valid INTRODUCE2 cell. Launching rendezvous circuit."); diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index 33a3f279c6..482ee1a014 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -2330,6 +2330,7 @@ test_intro2_handling(void *arg) intro_circ->cpath->prev = intro_circ->cpath; intro_circ->hs_ident = tor_malloc_zero(sizeof(*intro_circ->hs_ident)); origin_circuit_t rend_circ; + TO_CIRCUIT(&rend_circ)->ccontrol = NULL; rend_circ.hs_ident = tor_malloc_zero(sizeof(*rend_circ.hs_ident)); curve25519_keypair_generate(&rend_circ.hs_ident->rendezvous_client_kp, 0); memset(rend_circ.hs_ident->rendezvous_cookie, 'r', HS_REND_COOKIE_LEN);