[tor-bugs] #15515 [Tor]: Don't allow multiple INTRODUCE1s on the same circuit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 21 18:44:24 UTC 2015
#15515: Don't allow multiple INTRODUCE1s on the same circuit
-------------------------+-------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version: Tor: 0.2.7
Resolution: | Keywords: 026-backport 025-backport
Actual Points: | 024-backport SponsorR, 027-triaged-1-in,
Points: small | SponsorU
| Parent ID: #15463
-------------------------+-------------------------------------------------
Comment (by asn):
Replying to [comment:26 qwerty1]:
> {{{#!c
> unsigned int already_received_introduce1 : 1;
> }}}
>
> `circ->already_received_introduce1` wants to be initialized to `0` - no
`INTRODUCE1` received on this circuit yet, otherwise the first
`INTRODUCE1` will be blocked too.
In `or_circuit_new()` we do:
{{{
circ = tor_malloc_zero(sizeof(or_circuit_t));
}}}
Since `tor_malloc_zero()` is used, this element should be inited to 0.
Same goes for `is_first_hop` etc.
Or not?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15515#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list