[tor-bugs] #20410 [Core Tor/Tor]: Tor master breaks bridge clients

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 24 04:31:32 UTC 2016

#20410: Tor master breaks bridge clients
 Reporter:  teor                 |          Owner:
     Type:  defect               |         Status:  new
 Priority:  High                 |      Milestone:
Component:  Core Tor/Tor         |        Version:  Tor:
 Severity:  Major                |     Resolution:
 Keywords:  crash bridge-client  |  Actual Points:
Parent ID:                       |         Points:  0.5
 Reviewer:                       |        Sponsor:
Changes (by teor):

 * keywords:   => crash bridge-client
 * priority:  Medium => High


 I think I understand why this is happening based on 195ccce in #20077:
 * launch_direct_bridge_descriptor_fetch calls directory_initiate_command
 * directory_initiate_command calls directory_initiate_command_rend
 * directory_initiate_command_rend asserts because purpose_needs_anonymity
 believes all ROUTER_PURPOSE_BRIDGE requests must be anonymous (3-hop), but
 this clearly isn't true for bridge descriptor fetches straight from the
 bridge itself.

 I think the correct fix for this is to modify purpose_needs_anonymity to
 require anonymity for ROUTER_PURPOSE_BRIDGE, except for
 DIR_PURPOSE_FETCH_SERVERDESC. (This might be problematic because it allows
 fetch_bridge_descriptors() to fetch directly from the bridge authority.
 Does this matter?)

 Also, the other replacement of is_sensitive_dir_purpose with
 purpose_needs_anonymity is incomplete. We should upcast the linked
 connection to a dir_connection_t, then check the router_purpose field.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20410#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list