[tor-bugs] #14828 [Core Tor/Tor]: Multiple hidden services can share a pk_digest/service_id.

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Oct 27 15:48:30 UTC 2016


#14828: Multiple hidden services can share a pk_digest/service_id.
-------------------------------------------+-------------------------------
 Reporter:  yawning                        |          Owner:  twim
     Type:  defect                         |         Status:
                                           |  needs_revision
 Priority:  Very Low                       |      Milestone:  Tor:
                                           |  0.3.0.x-final
Component:  Core Tor/Tor                   |        Version:  Tor: 0.2.7
 Severity:  Minor                          |     Resolution:
 Keywords:  easy, tor-hs, review-group-11  |  Actual Points:
Parent ID:                                 |         Points:  0.1
 Reviewer:                                 |        Sponsor:  SponsorR-can
-------------------------------------------+-------------------------------

Comment (by twim):

 Replying to [comment:22 dgoulet]:
 > That can't work (and I confirmed it with a simple test). That patch
 does: load the keys for each service then check for a duplicate key in all
 the service we have but yet our service is already in the list so you'll
 get a positive match everytime against yourself :).

 Yeah, thanks. This is because the logic appears to be kinda broken here.
 :\
 There should be a separate temp list for services which keys we want to
 load. And if loading fails, there should be no invalid services in global
 `rend_service_list`. As for now, `rend_service_list` contains also broken
 services.
 Also there is a problem if we going to call (there is no such call now)
 `rend_service_load_all_keys()` sometime after there are ephemeral services
 there: `s->directory == NULL` for them...
 I think this upper logic has to be fixed. Thoughts?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14828#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list