[tor-bugs] #21142 [Core Tor/Tor]: prop271: circuits_pending_other_guards not properly maintained

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 5 14:50:34 UTC 2017


#21142: prop271: circuits_pending_other_guards not properly maintained
--------------------------+------------------------------------
 Reporter:  asn           |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.0.1-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-guard     |  Actual Points:
Parent ID:                |         Points:  0.3
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Description changed by asn:

Old description:

> Hello,
>
> I've been doing various tests on prop271 by using it with Tor Browser.
>
> I started digging more into
> `circuit_find_circuits_to_upgrade_from_guard_wait()` and particularly the
> `circuits_pending_other_guards` smartlist to understand better how this
> feature works in little-t-tor.
>
> While inspecting the elements of `circuits_pending_other_guards` I
> noticed that some of those circuits were zombies that were already freed,
> probably because they were closed but not removed from the smartlist.
>
> The only time we change membership of that list is in
> `circuit_set_state()`:
> {{{
>   if (circ->state == CIRCUIT_STATE_GUARD_WAIT) {
>     smartlist_remove(circuits_pending_other_guards, circ);
>   }
>   if (state == CIRCUIT_STATE_GUARD_WAIT) {
>     smartlist_add(circuits_pending_other_guards, circ);
>   }
> }}}
>
> We should probably consider removing circuits from that list when they
> are marked for close as well, so that the list does not stay permanently
> populated.

New description:

 Hello,

 I've been doing various tests on prop271 by using it with Tor Browser.

 I started digging more into
 `circuit_find_circuits_to_upgrade_from_guard_wait()` and particularly the
 `circuits_pending_other_guards` smartlist to understand better how this
 feature works in little-t-tor.

 While inspecting the elements of `circuits_pending_other_guards` I noticed
 that some of those circuits were zombies that were already freed, probably
 because they were closed but not removed from the smartlist.

 The only time we change membership of that list is in
 `circuit_set_state()`:
 {{{
   if (circ->state == CIRCUIT_STATE_GUARD_WAIT) {
     smartlist_remove(circuits_pending_other_guards, circ);
   }
   if (state == CIRCUIT_STATE_GUARD_WAIT) {
     smartlist_add(circuits_pending_other_guards, circ);
   }
 }}}

 We should probably consider removing circuits from that list when they
 are marked for close as well, so that the list does not stay permanently
 populated. Also see how membership in the similar smartlist
 `circuits_pending_chans` is maintained.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21142#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
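
A simplified model of the bookkeeping problem in this ticket, added here as an illustration and not taken from the Tor source. It assumes a fixed-size array in place of the smartlist, and all names (`pending`, `circ_mark_for_close`, `remove_on_close`, `run_scenario`) are hypothetical. It contrasts maintaining the list only on state change with also removing the circuit when it is marked for close.

```c
#include <stddef.h>

/* Model only: every name here is hypothetical, not Tor's API. */
enum circ_state { ST_BUILDING, ST_GUARD_WAIT, ST_OPEN };
typedef struct circ { enum circ_state state; int marked_for_close; } circ_t;

#define MAX_PENDING 16
static circ_t *pending[MAX_PENDING]; /* models circuits_pending_other_guards */
static size_t n_pending;

static void pending_remove(circ_t *c) {
  for (size_t i = 0; i < n_pending; i++) {
    if (pending[i] == c) {
      pending[i] = pending[--n_pending]; /* swap-remove; order not kept */
      return;
    }
  }
}

/* Same membership rule as the snippet quoted in the ticket. */
static void circ_set_state(circ_t *c, enum circ_state state) {
  if (c->state == ST_GUARD_WAIT) pending_remove(c);
  if (state == ST_GUARD_WAIT && n_pending < MAX_PENDING) pending[n_pending++] = c;
  c->state = state;
}

/* remove_on_close == 0 models the reported behaviour; 1 models the
 * suggested change of dropping the circuit from the list on close. */
static void circ_mark_for_close(circ_t *c, int remove_on_close) {
  c->marked_for_close = 1;
  if (remove_on_close && c->state == ST_GUARD_WAIT) pending_remove(c);
}

/* Returns how many list entries point at closed circuits, i.e. entries
 * that would dangle once those circuits are freed. */
static size_t run_scenario(int remove_on_close) {
  circ_t a = {0}, b = {0};
  size_t stale = 0;
  n_pending = 0;
  circ_set_state(&a, ST_GUARD_WAIT);
  circ_set_state(&b, ST_GUARD_WAIT);
  circ_mark_for_close(&a, remove_on_close); /* closed while still waiting */
  for (size_t i = 0; i < n_pending; i++) stale += pending[i]->marked_for_close;
  n_pending = 0; /* do not keep pointers to this frame's locals */
  return stale;
}

int main(void) { return (run_scenario(0) == 1 && run_scenario(1) == 0) ? 0 : 1; }
```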