[tor-bugs] #23610 [Core Tor/Tor]: handle_establish_intro() can mark circuits for close twice

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 21 06:03:09 UTC 2017


#23610: handle_establish_intro() can mark circuits for close twice
----------------------------+----------------------------------------------
     Reporter:  teor        |      Owner:  (none)
         Type:  defect      |     Status:  new
     Priority:  Medium      |  Milestone:  Tor: 0.3.2.x-final
    Component:  Core        |    Version:  Tor: 0.3.2.1-alpha
  Tor/Tor                   |
     Severity:  Normal      |   Keywords:  prop224, tor-hs, tor-bug-warning
Actual Points:              |  Parent ID:
       Points:  1           |   Reviewer:
      Sponsor:              |
----------------------------+----------------------------------------------
 Some of the failure cases in handle_verified_establish_intro_cell() mark
 the circuit for close. So if handle_establish_intro() tries to mark it for
 close again, it will trigger a bug warning.

 I think this is the only case in the v3 introduce protocol. We should
 check for cases like this in the v3 rend protocol as well.

 {{{
   /* This cell is legit. Take the appropriate actions. */
   cell_ok = handle_verified_establish_intro_cell(circ, parsed_cell);
   if (cell_ok < 0) {
     goto err;
   }

   log_warn(LD_GENERAL, "Established prop224 intro point on circuit %" PRIu32,
            circ->p_circ_id);

   /* We are done! */
   retval = 0;
   goto done;

  err:
   circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23610>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
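
The double-mark pattern described in the ticket, reduced to a toy model as an added example (not Tor source and not the project's fix). Every `toy_` name, the `fail` codes and the warning counter are assumptions made for illustration; the block compares the unconditional `err:` path with one that checks whether the callee already marked the circuit.

```c
#include <stdio.h>

/* Toy model, not Tor source: every name here is hypothetical. */
typedef struct { unsigned id; int marked_for_close; } toy_circ_t;
static int bug_warnings = 0;

/* Marks a circuit for close; marking an already-marked circuit is a bug. */
static void toy_mark_for_close(toy_circ_t *c) {
  if (c->marked_for_close)
    bug_warnings++;          /* stands in for the logged bug warning */
  c->marked_for_close = 1;
}

/* Callee: fail == 2 closes the circuit itself, fail == 1 only returns an
 * error, fail == 0 succeeds. */
static int toy_handle_verified(toy_circ_t *c, int fail) {
  if (fail == 2) toy_mark_for_close(c);
  return fail ? -1 : 0;
}

/* Caller with the pattern from the ticket: the err path always marks. */
static int toy_handle_unguarded(toy_circ_t *c, int fail) {
  if (toy_handle_verified(c, fail) < 0) goto err;
  return 0;
 err:
  toy_mark_for_close(c);
  return -1;
}

/* Caller that marks only when the callee has not already done so. */
static int toy_handle_guarded(toy_circ_t *c, int fail) {
  if (toy_handle_verified(c, fail) < 0) goto err;
  return 0;
 err:
  if (!c->marked_for_close) toy_mark_for_close(c);
  return -1;
}

/* Runs one caller over all three callee outcomes; returns warnings seen. */
static int toy_count_warnings(int (*handler)(toy_circ_t *, int)) {
  bug_warnings = 0;
  for (int fail = 0; fail <= 2; fail++) {
    toy_circ_t c = { (unsigned)fail + 1, 0 };
    handler(&c, fail);
  }
  return bug_warnings;
}
int main(void) { return toy_count_warnings(toy_handle_guarded); }
```

The other way to remove the double mark is to give exactly one of the two functions responsibility for closing the circuit on every error path.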