[tor-bugs] #4368 [Tor Relay]: If we wanted to authenticate but we don't like the auth challenge, we never send a netinfo cell

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Nov 1 07:45:51 UTC 2011 

#4368: If we wanted to authenticate but we don't like the auth challenge, we never
send a netinfo cell
-----------------------+----------------------------------------------------
 Reporter:  arma       |          Owner:                    
     Type:  defect     |         Status:  new               
 Priority:  normal     |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Relay  |        Version:  Tor: 0.2.3.7-alpha
 Keywords:             |         Parent:                    
   Points:             |   Actualpoints:                    
-----------------------+----------------------------------------------------
 Once we fix #4367 it will be the case that a relay (initiator) who wants
 to authenticate, but gets a CELL_AUTH_CHALLENGE cell that it doesn't like
 (because it has no auth methods that the relay knows), ends up dropping
 the authenticate cell.

 But then the initiator sends no netinfo cell.

 The result is that the initiator thinks the connection is open (it drops
 the authenticate cell, but it already set
 conn->handshake_state->authenticated to 1 in command_process_cert_cell(),
 so when it receives the netinfo cell from the responder it will happily
 process it and end with connection_or_set_state_open()).

 But the responder doesn't think the conn is open, since it's not gotten a
 netinfo cell.

 The initiator will presumably then send another cell (e.g. a CREATE cell),
 since it initiated the connection for a reason. That cell will be silently
 dropped by the responder:
 {{{
   if (handshaking && cell->command != CELL_VERSIONS &&
       cell->command != CELL_NETINFO) {
     log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
            "Received unexpected cell command %d in state %s; ignoring
 it.",
            (int)cell->command,
            conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
     return;
   }
 }}}

 leaving the initiator wondering why it's talking to a black hole. Fun!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4368>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list