[tor-bugs] #20472 [Core Tor/Tor]: circuit_pick_extend_handshake: Non-fatal assertion !(node_prev == NULL) failed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 27 02:37:52 UTC 2016
#20472: circuit_pick_extend_handshake: Non-fatal assertion !(node_prev == NULL)
failed
-------------------------------------------+-------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.2.9.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.2.9.3-alpha
Severity: Normal | Resolution:
Keywords: TorCoreTeam201610, regression | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------+-------------------------------
Changes (by teor):
* keywords: => TorCoreTeam201610, regression
Comment:
Thanks for this bug report.
This is a rare case:
* tor creates an introduction circuit
* some time later, the introduction point sends a NAK
* tor extends through the previous intro point to a new intro point
* the previous intro point is not in the consensus, either because it
dropped out, or because it was never there to begin with.
This is the calling code:
{{{
{
const node_t *prev_node;
prev_node = node_get_by_id(hop->prev->extend_info->identity_digest);
circuit_pick_extend_handshake(&ec.cell_type,
&ec.create_cell.cell_type,
&ec.create_cell.handshake_type,
prev_node,
hop->extend_info);
}
}}}
I think the correct way to fix this is to allow node_prev to be NULL, and
skip the version checks in that case. We can't just do this for old-style
hidden service, because it's also possible that nodes drop out of the
consensus while the circuit is being built.
Bugfix on commit 10aa913 from #19163 in tor-0.2.9.3-alpha.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20472#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list