rend_mid_rendezvous() encodes rendezvous cookie before checking for proto violation
rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request,
                    size_t request_len)
{
  or_circuit_t *rend_circ;
  char hexid[9];
  int reason = END_CIRC_REASON_INTERNAL;

  /* The cookie bytes are hex-encoded for the log line before request_len
   * has been validated against the protocol's expected length. */
  base16_encode(hexid, 9, (char*)request, request_len < 4 ? request_len : 4);
  if (request_len >= 4) {
    log_info(LD_REND,
             "Got request for rendezvous from circuit %d to cookie %s.",
             circ->p_circ_id, hexid);
  }
[censored] found this:
rend_mid_rendezvous() function: why does it need to decode before the protocol violation checks?
It doesn't seem exploitable, but it would be good to do everything after the proto violation checks are done.
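The reordering the ticket asks for, as an added illustration that is not Tor's code: validate the request before touching its bytes, and only then hex-encode the cookie prefix for the log line. The helper hex_encode() is a stand-in for base16_encode(), the 4-byte prefix length and the "at least 4 bytes" check are assumptions standing in for the real protocol-violation checks, and rendezvous_cookie_hex() is a hypothetical function name, not the handler's real signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length of the cookie prefix shown in the log line (4 bytes -> 8 hex chars).
 * Assumed for this example; the original logs the first 4 bytes. */
#define COOKIE_PREFIX_LEN 4
#define HEXID_LEN (COOKIE_PREFIX_LEN * 2 + 1)

/* Minimal stand-in for base16_encode(); not the project's implementation. */
static void hex_encode(char *dest, const uint8_t *src, size_t srclen)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < srclen; i++) {
        dest[2 * i]     = digits[src[i] >> 4];
        dest[2 * i + 1] = digits[src[i] & 0x0f];
    }
    dest[2 * srclen] = '\0';
}

/* Reordered handler (hypothetical name): run the protocol-violation check,
 * assumed here to be "request carries at least COOKIE_PREFIX_LEN bytes",
 * before doing any work on the payload. Returns the hex cookie prefix on
 * success, NULL when the request is rejected. */
const char *rendezvous_cookie_hex(const uint8_t *request, size_t request_len)
{
    static char hexid[HEXID_LEN];  /* static so callers need no buffer; single-threaded example */

    /* 1. Protocol-violation check first: a short request is rejected untouched. */
    if (request == NULL || request_len < COOKIE_PREFIX_LEN) {
        return NULL;
    }
    /* 2. Only now encode the prefix for the diagnostic log line. */
    hex_encode(hexid, request, COOKIE_PREFIX_LEN);
    return hexid;
}

int main(void)
{
    /* Constructed sample inputs: one well-formed request, one too short. */
    const uint8_t good[] = { 0xde, 0xad, 0xbe, 0xef, 0x01 };
    const uint8_t bad[]  = { 0x01, 0x02 };
    const char *h = rendezvous_cookie_hex(good, sizeof good);
    printf("well-formed: cookie %s\n", h ? h : "(rejected)");
    h = rendezvous_cookie_hex(bad, sizeof bad);
    printf("short request: %s\n", h ? h : "rejected before encoding");
    return 0;
}
```

The point of the ordering is the same as in the ticket: a malformed request should reach the error path without any decoding or encoding of its contents having happened first, so the rejection branch has no work done on attacker-controlled bytes to account for.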