[tor-bugs] #7947 [Tor]: Do handle TRUNCATE command properly if circuit pending still
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 14 10:30:03 UTC 2013
#7947: Do handle TRUNCATE command properly if circuit pending still
-------------------------+--------------------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-relay | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by cypherpunks):
circ->n_hop and circ->n_chan can't be set in the same time anyway. You
could place tor_assert(!circ->n_chan) for sure.
No, it wasn't tested. It even makes attack-with-zillion-connections-to-
internet even easy, no need to buld new circuits or wait success of extend
request -- just truncate and extend to new target. But you can't prevent
it if no fix placed, anyway. Legitimate client still have purpose not to
wait for answer to truncate non finished extend request yet and repeat to
new address, even if no connection complete or no create cell flushed yet
or something else.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7947#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list