[tor-bugs] #24509 [Core Tor/Tor]: circuit_can_use_tap() should only allow TAP for v2 onion services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Dec 10 23:34:04 UTC 2017
#24509: circuit_can_use_tap() should only allow TAP for v2 onion services
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |  Owner:  (none)
     Type:  defect                               |  Status:  needs_review
 Priority:  Medium                               |  Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor                         |  Version:  Tor: 0.3.2.1-alpha
 Severity:  Normal                               |  Resolution:
 Keywords:  prop224, tor-hs, security-low,       |  Actual Points:
            easy, intro                          |
Parent ID:                                       |  Points:  0.5
 Reviewer:  dgoulet                              |  Sponsor:
-------------------------------------------------+-------------------------
Changes (by irl):
* status: needs_revision => needs_review
Comment:
Not convinced by the naming of these variables/constants. There's a lot of
"hidden services" in the code and I wonder if it's best to just go with
that, instead of trying to have onion services (probably it is).

The test suite passes nicely and I've been able to access v2/v3 services.
I've not tested hosting a service but it would be good to get a review to
make sure I'm on the right track and to get some hints as to naming.

The only code path I haven't fully explored is
"should_use_create_fast_for_circuit". Is there ever a case where a v2
onion service would be trying to use create_fast? I don't want to have it
fail to use TAP and fall back to create_fast because the v2 flag wasn't
present on a code path.

I'm thinking to add some assertions that is_v2 is set in any case where
rend_data is being added to a circuit, which should provide some level of
assurance and potentially catch any bugs that appear later on.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24509#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online