diff --git a/ChangeLog b/ChangeLog
index 40649de45b4d58faeef6aa5f4d6c9635dfee4525..aee937c31d78796ac4359a93589f2c55514dd1ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,9 @@ Changes in version 0.2.1.13-alpha - 2009-02-09
       manner, to avoid platform-dependent behavior on malformed input.
     - Build correctly when configured to build outside the main source
       path. Patch from Michael Gold.
+    - We were already rejecting relay begin cells with destination port
+      of 0. Now also reject extend cells with destination port or address
+      of 0. Suggested by lark.
 
   o Minor bugfixes (on 0.2.1.x):
     - Don't re-extend introduction circuits if we ran out of RELAY_EARLY
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 42da9e6fe0aec8ed3fa9f419a35fcb4e6d28746a..1cda8e870d72e9ce0ef50df7ad4c5eebf3b6a303 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -762,7 +762,13 @@ circuit_extend(cell_t *cell, circuit_t *circ)
   id_digest = cell->payload+RELAY_HEADER_SIZE+4+2+ONIONSKIN_CHALLENGE_LEN;
   tor_addr_from_ipv4h(&n_addr, n_addr32);
 
-  /* First, check if they asked us for 0000..0000. We support using
+  if (!n_port || !n_addr32) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "Client asked me to extend to zero destination port or addr.");
+    return -1;
+  }
+
+  /* Check if they asked us for 0000..0000. We support using
    * an empty fingerprint for the first hop (e.g. for a bridge relay),
    * but we don't want to let people send us extend cells for empty
    * fingerprints -- a) because it opens the user up to a mitm attack,