[tbb-bugs] #27930 [Applications/Tor Browser]: After XSS warning "New circuit for this site" and ctrl+shift+l have no effect

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 2 13:45:01 UTC 2018 

#27930: After XSS warning "New circuit for this site" and ctrl+shift+l have no
effect
------------------------------------------+----------------------
     Reporter:  traumschule               |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  noscript
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Accessing https://git.gnupg.org/ in TB showed an unexpected behavior:
 after browsing the git log suddenly connections were blocked:
 > Unable to connect
 - "New Circuit for this Site" and ctrl+shift+l had no effect
 - network / js log tell nothing about it (or i did not pick the right one)
 - tor info log shows {{{Edge got end (connection refused) before we're
 connected.}}}
 - accessing the site with another tor instance is no problem.

 This happened after clicking on the git link in https://bugs.debian.org
 /cgi-bin/bugreport.cgi?bug=900570#10 and this scary noscript XSS warning
 popped up (did not get why actually because the link is legit) and "Allow
 this request" was chosen.

 When repeating this process the site showed up and browsing and changing
 circuits worked again. This may have been an unlucky combination of a
 blocked bad exit and noscript preventing to choose new circuits?

 To reproduce this one would need to
 - trigger a noscript XSS warning
 - block the exit to see {{{Unable to connect}}}
 - try to change change the circuit

 bits of tor info log:
 {{{
 Oct 02 13:20:07.000 [info]
 channelpadding_send_padding_cell_for_callback(): Sending netflow keepalive
 on 3 to [scrubbed] ($id) after 7405 ms. Delta 1ms
 Oct 02 13:20:11.000 [info] connection_handle_listener_read(): New SOCKS
 connection opened from 127.0.0.1.
 Oct 02 13:20:11.000 [info] rep_hist_note_used_port(): New port prediction
 added. Will continue predictive circ building for 3560 more seconds.
 Oct 02 13:20:11.000 [info] connection_edge_process_inbuf(): data from edge
 while in 'waiting for circuit' state. Leaving it on buffer.
 Oct 02 13:20:11.000 [info] exit circ (length 3): $relay(open) $relay(open)
 $relay(open)
 Oct 02 13:20:11.000 [info] pathbias_count_use_attempt(): Used circuit 133
 is already in path state use succeeded. Circuit is a General-purpose
 client currently open.
 Oct 02 13:20:11.000 [info] link_apconn_to_circ(): Looks like completed
 circuit to [scrubbed] does allow optimistic data for connection to
 $address
 Oct 02 13:20:11.000 [info] connection_ap_handshake_send_begin(): Sending
 relay cell 0 on circ 3293765750 to begin stream 1333.
 Oct 02 13:20:11.000 [info] connection_ap_handshake_send_begin():
 Address/port sent, ap socket 14, n_circ_id 3293765750
 Oct 02 13:20:11.000 [info] connection_ap_process_end_not_open(): Edge got
 end (connection refused) before we're connected. Marking for close.
 Oct 02 13:20:11.000 [info] exit circ (length 3): $relay(open) $relay(open)
 $relay(open)
 Oct 02 13:20:11.000 [info] connection_handle_listener_read(): New SOCKS
 connection opened from 127.0.0.1.
 Oct 02 13:20:11.000 [info] rep_hist_note_used_port(): New port prediction
 added. Will continue predictive circ building for 3560 more seconds.
 Oct 02 13:20:11.000 [info] connection_edge_process_inbuf(): data from edge
 while in 'waiting for circuit' state. Leaving it on buffer.
 Oct 02 13:20:11.000 [info] exit circ (length 3): $relay(open) $relay(open)
 $relay(open)
 Oct 02 13:20:11.000 [info] pathbias_count_use_attempt(): Used circuit 133
 is already in path state use succeeded. Circuit is a General-purpose
 client currently open.
 Oct 02 13:20:11.000 [info] link_apconn_to_circ(): Looks like completed
 circuit to [scrubbed] does allow optimistic data for connection to
 $address
 Oct 02 13:20:11.000 [info] connection_ap_handshake_send_begin(): Sending
 relay cell 0 on circ 3293765750 to begin stream 1334.
 Oct 02 13:20:11.000 [info] connection_ap_handshake_send_begin():
 Address/port sent, ap socket 14, n_circ_id 3293765750
 Oct 02 13:20:11.000 [info] connection_ap_process_end_not_open(): Edge got
 end (connection refused) before we're connected. Marking for close.
 Oct 02 13:20:11.000 [info] exit circ (length 3): $relay(open) $relay(open)
 $relay(open)
 Oct 02 13:20:13.000 [info]
 channelpadding_send_padding_cell_for_callback(): Sending netflow keepalive
 on 3 to [scrubbed] ($id) after 1705 ms. Delta 5ms
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27930>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list