[tor-bugs] #24894 [Core Tor/Tor]: v3 onion services don't respect MAX_REND_FAILURES
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 15 05:13:35 UTC 2018
#24894: v3 onion services don't respect MAX_REND_FAILURES
------------------------------+--------------------------------
Reporter: arma | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
In can_relaunch_service_rendezvous_point() we check
{{{
if (circ->build_state->failure_count > MAX_REND_FAILURES ||
circ->build_state->expiry_time <= time(NULL)) {
}}}
for whether to abort the relaunch.
But in retry_service_rendezvous_point(), we do this:
{{{
/* Transfer build state information to the new circuit state in part to
* catch any other failures. */
new_circ->build_state->failure_count = bstate->failure_count++;
}}}
That ++ increments the failure_count for the *old* circuit, which means
the new circuit gets a failure_count of 0. No new circuits ever have a
failure count of anything other than 0.
The legacy onion services handle it better, by doing
{{{
newstate->failure_count = oldstate->failure_count+1;
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24894>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list