[tor-bugs] #18620 [Core Tor/Tor]: HSFORGET command to clear cached client state for a HS

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 17 01:59:15 UTC 2016

#18620: HSFORGET command to clear cached client state for a HS
 Reporter:  str4d                                |          Owner:  str4d
     Type:  enhancement                          |         Status:
 Priority:  Medium                               |  needs_revision
Component:  Core Tor/Tor                         |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.9.x-final
 Keywords:  tor-hs, 029-accepted, review-        |        Version:  Tor:
  group-1                                        |
Parent ID:                                       |     Resolution:
 Reviewer:  asn, special                         |  Actual Points:
                                                 |         Points:  small
                                                 |        Sponsor:
                                                 |  SponsorR-can
Changes (by special):

 * status:  needs_review => needs_revision


 I agree with arma. Any client application that needs this function is
 actually working around a bug in tor. We should make tor smarter to solve
 whatever issues this avoids.

 That said, I'm not opposed to having this function if people have other
 uses for it. I could imagine this being useful for testing and scripts.

 I have some control-spec comments:

 We encourage applications to use this by mentioning unstable internet
 connections as a use case. I would rather not.

 I don't think the `DescCookie` parameter is useful. There is no case as a
 client where we can use a descriptor that requires authorization without
 the cookie being configured (such as via `HidServAuth`). Instead of having
 a cookie parameter, you could look up the cookie using

 There are also a few code issues, some of which are obsolete after my
 suggestion above, but I'll mention them anyway:

  +  char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_BASE64 + 2 + 1];
  +    descriptor_cookie_decoded = tor_malloc(REND_DESC_COOKIE_LEN + 2);
  +    /* Add trailing zero bytes (AA) to make base64-decoding happy. */

 You could replace all of this logic with the recently-created
 `rend_auth_decode_cookie` function.

  +    if (base64_decode(descriptor_cookie_decoded,
  +                      sizeof(descriptor_cookie_decoded),

 `descriptor_cookie_decoded` is `char *`, not a char array, so sizeof is
 incorrect. This can never succeed.

 Also, you don't check the decoded length returned by `base64_decode` and
 `descriptor_cookie_decoded` was allocated with `tor_malloc` instead of
 `tor_malloc_zero`, so you could have ended up reading uninitialized memory

  +  tor_free(onion_address);
  +  if (descriptor_cookie_base64) {
  +    tor_free(descriptor_cookie_base64);
  +    tor_free(descriptor_cookie_decoded);
  +  }

 This block of code is repeated for the success and err cases. You could
 avoid that by having an `int result` to return and falling through the
 `err:` case after calling `send_control_done`.

  +/** Remove any cached descriptors for <b>service_id</b>. */
 +rend_cache_remove_entry(const char *service_id)

 This name (and documentation) is misleading. This function only removes
 from the client cache, not the service or directory caches. I would rename
 it to mention clients.

 `make check-spaces` has a few other comments for you.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18620#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list