Commit 3867ca49 authored by David Goulet's avatar David Goulet 🐼
Browse files

dir: Return 503 code when rejecting single hop request 



Single hop rejection (POST and GET) for HS v3 descriptor now return a 503 code
which is more accurate code from dir-spec.txt and from other rejection case in
the code.

For instance if you are not a relay and you get a POST request, a 503 code is
sent back with a rejection message.

Part of #31958

Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
parent 98571767

src/feature/dircache/dircache.c

+8 −2
Original line number Diff line number Diff line
@@ -1393,7 +1393,8 @@ handle_get_hs_descriptor_v3(dir_connection_t *conn, 
  /* Reject non anonymous dir connections (which also tests if encrypted). We

   * do not allow single hop clients to query an HSDir. */

  if (!connection_dir_is_anonymous(conn)) {

    write_short_http_response(conn, 404, "Not found");

    write_short_http_response(conn, 503,

                              "Rejecting single hop HS v3 descriptor request");

    goto done;

  }
@@ -1636,7 +1637,12 @@ directory_handle_command_post,(dir_connection_t *conn, const char *headers, 
  /* Handle HS descriptor publish request. We force an anonymous connection

   * (which also tests for encrypted). We do not allow single-hop client to

   * post a descriptor onto an HSDir. */

  if (connection_dir_is_anonymous(conn) && !strcmpstart(url, "/tor/hs/")) {

  if (!strcmpstart(url, "/tor/hs/")) {

    if (!connection_dir_is_anonymous(conn)) {

      write_short_http_response(conn, 503,

                                "Rejecting single hop HS descriptor post");

      goto done;

    }

    const char *msg = "HS descriptor stored successfully.";



    /* We most probably have a publish request for an HS descriptor. */