[tor-bugs] #5623 [Tor Client]: directory_initiate_command() can pick a directory mirror which we later refuse as being in ExcludeExitNodes

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Apr 13 23:35:19 UTC 2012 

#5623: directory_initiate_command() can pick a directory mirror which we later
refuse as being in ExcludeExitNodes
------------------------+---------------------------------------------------
 Reporter:  arma        |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Client  |        Version:                    
 Keywords:              |         Parent:                    
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------
Description changed by arma:

Old description:

> In set my torrc to be the same as in #5610, restarted my Tor, and it
> wanted to fetch a microdesc.
> {{{
> Apr 13 18:54:04.000 [info] launch_descriptor_downloads(): Launching 1
> request for 1 router, 4 at a time
> Apr 13 18:54:04.000 [debug] smartlist_choose_node_by_bandwidth_weights():
> Choosing node for rule weight as directory based on weights Wg=0.307700
> Wm=1.000000 We=0.000000 Wd=0.128000 with total bw 571593023.800000
> Apr 13 18:54:04.000 [debug] directory_initiate_command_rend(): anonymized
> 0, use_begindir 1.
> Apr 13 18:54:04.000 [debug] directory_initiate_command_rend(): Initiating
> microdescriptor fetch
> Apr 13 18:54:04.000 [info] connection_ap_make_link(): Making internal
> direct tunnel to 188.138.82.143:443 ...
> Apr 13 18:54:04.000 [debug] connection_add_impl(): new conn type Socks,
> socket -1, address (Tor_internal), n_conns 3.
> Apr 13 18:54:04.000 [warn] Requested exit point
> '$2BC7B25AFFACBB861872248D3E19D77EE71CE1CE' is excluded or would refuse
> request. Closing.
> Apr 13 18:54:04.000 [warn] Making tunnel to dirserver failed.
> }}}
>
> Looks like launch_descriptor_downloads() calls
> initiate_descriptor_downloads() which calls
> directory_get_from_dirserver() which calls router_pick_directory_server()
> which does not exclude exits.
>
> I believe we don't want to exclude exits in this case. Quoting from
> ChangeLog,
> {{{
>         . "Exit", in the context of ExitNodes and ExcludeExitNodes, means
>           a node that delivers user traffic outside the Tor network.
> }}}
>
> So I think the bug is in connection_ap_can_use_exit(). Probably where it
> says
> {{{
>   if (routerset_contains_node(options->_ExcludeExitNodesUnion, exit)) {
>     /* Not a suitable exit. Refuse it. */
>     return 0;
>   }
> }}}
> without checking if conn->use_begindir.

New description:

 I set my torrc to be the same as in #5610, restarted my Tor, and it wanted
 to fetch a microdesc.
 {{{
 Apr 13 18:54:04.000 [info] launch_descriptor_downloads(): Launching 1
 request for 1 router, 4 at a time
 Apr 13 18:54:04.000 [debug] smartlist_choose_node_by_bandwidth_weights():
 Choosing node for rule weight as directory based on weights Wg=0.307700
 Wm=1.000000 We=0.000000 Wd=0.128000 with total bw 571593023.800000
 Apr 13 18:54:04.000 [debug] directory_initiate_command_rend(): anonymized
 0, use_begindir 1.
 Apr 13 18:54:04.000 [debug] directory_initiate_command_rend(): Initiating
 microdescriptor fetch
 Apr 13 18:54:04.000 [info] connection_ap_make_link(): Making internal
 direct tunnel to 188.138.82.143:443 ...
 Apr 13 18:54:04.000 [debug] connection_add_impl(): new conn type Socks,
 socket -1, address (Tor_internal), n_conns 3.
 Apr 13 18:54:04.000 [warn] Requested exit point
 '$2BC7B25AFFACBB861872248D3E19D77EE71CE1CE' is excluded or would refuse
 request. Closing.
 Apr 13 18:54:04.000 [warn] Making tunnel to dirserver failed.
 }}}

 Looks like launch_descriptor_downloads() calls
 initiate_descriptor_downloads() which calls directory_get_from_dirserver()
 which calls router_pick_directory_server() which does not exclude exits.

 I believe we don't want to exclude exits in this case. Quoting from
 ChangeLog,
 {{{
         . "Exit", in the context of ExitNodes and ExcludeExitNodes, means
           a node that delivers user traffic outside the Tor network.
 }}}

 So I think the bug is in connection_ap_can_use_exit(). Probably where it
 says
 {{{
   if (routerset_contains_node(options->_ExcludeExitNodesUnion, exit)) {
     /* Not a suitable exit. Refuse it. */
     return 0;
   }
 }}}
 without checking if conn->use_begindir.

--

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5623#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list