[tor-bugs] #4369 [Tor Relay]: I can send (almost) any cell I want before the VERSIONS or NETINFO cell
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Nov 1 08:09:11 UTC 2011
#4369: I can send (almost) any cell I want before the VERSIONS or NETINFO cell
-----------------------+----------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Relay | Version: Tor: 0.2.2.34
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
While debugging #4368 I noticed that I can send a CREATE cell right out of
the gate after the v2 handshake finishes, when the other side is expecting
a VERSIONS cell or (later) a NETINFO cell. My cell will be quietly dropped
with (by default) a log_info message.
Similarly, I can send CREATE cells interspersed in the VERSIONS / CERTS /
NETINFO cells in the v3 handshake, with no complaints louder than info.
But the spec says things like
{{{
No other intervening cell types are allowed.
}}}
and
{{{
When this handshake is in use, the first cell must
still be VERSIONS, and no other cell type is allowed to intervene
besides those specified, except for PADDING and VPADDING cells.
}}}
If this is a feature, meaning we're trying to be forgiving about arbitrary
future behavior, we should make it clearer in the spec.
If it's a bug, we should think about how thoroughly to fix it.
I think at least some part of this is a bug, for example because we don't
call or_handshake_state_record_cell() on the CREATE cells in the v3
handshake case since we drop them first.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4369>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list