[tor-bugs] #19745 [Core Tor/Tor]: Tor2web clients ignore uptime when choosing rendezvous points

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 25 02:34:21 UTC 2016


#19745: Tor2web clients ignore uptime when choosing rendezvous points
------------------------------+--------------------------
     Reporter:  teor          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.2.???
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor2web
Actual Points:                |  Parent ID:
       Points:  0.2           |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------
 Normal Tor clients use LongLivedPorts to decide which circuits need to
 have good uptime.

 But in Tor2web clients, this check is skipped, because of an assumption
 that one-hop paths are always directory fetches.

 This means that when Tor2web chooses rendezvous points, it chooses
 regardless of their uptime, even if the port is in the list of
 LongLivesPorts.

 In circuit_get_open_circ_or_launch:
 {{{
   need_uptime = !conn->want_onehop && !conn->use_begindir &&
                 smartlist_contains_int_as_string(options->LongLivedPorts,
                                           conn->socks_request->port);
 }}}

 We could fix this by replacing `!conn->want_onehop` with checking whether
 the connection purpose is directory or rendezvous.

 This is not an issue in the majority of cases, because Tor2web typically
 uses ports 80 and 443, which aren't on the LongLivedPorts list. (It's also
 not an issue for Single Onion Services, which call
 circuit_launch_by_extend_info directly.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19745>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list