[tor-bugs] #24895 [Core Tor/Tor]: MAX_REND_FAILURES is 1, but we will try three times

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 15 08:30:45 UTC 2018 

#24895: MAX_REND_FAILURES is 1, but we will try three times
--------------------------+------------------------------------
 Reporter:  arma          |          Owner:  (none)
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  032-backport  |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Description changed by arma:

Old description:

> Off-by-2 error counting to MAX_REND_FAILURES for onion services:
>
> In can_relaunch_service_rendezvous_point(), we check
> {{{
>   if (circ->build_state->failure_count > MAX_REND_FAILURES ||
>       circ->build_state->expiry_time <= time(NULL)) {
> }}}
> to decide whether to abort the relaunch.
>
> But the incrementing of failure_count happens in the relaunch, i.e. after
> this code. Also, it says ">" rather than ">=".
>
> Yet the definition of MAX_REND_FAILURES is
> {{{
> /** How many times will a hidden service operator attempt to connect to a
>  * requested rendezvous point before giving up? */
> #define MAX_REND_FAILURES 1
> }}}
>
> So when the first attempt fails, failure_count is 0, which is not > 1, so
> we try again. When the second attempt fails, failure_count is 0, which is
> also not > 1. It's only after the third attempt fails that we decide that
> MAX_REND_FAILURES has been reached.
>
> This bug affects legacy onion services, and it will also affect nextgen
> onion services once #24894 is fixed.

New description:

 Off-by-2 error counting to MAX_REND_FAILURES for onion services:

 In can_relaunch_service_rendezvous_point(), we check
 {{{
   if (circ->build_state->failure_count > MAX_REND_FAILURES ||
       circ->build_state->expiry_time <= time(NULL)) {
 }}}
 to decide whether to abort the relaunch.

 But the incrementing of failure_count happens in the relaunch, i.e. after
 this code. Also, it says ">" rather than ">=".

 Yet the definition of MAX_REND_FAILURES is
 {{{
 /** How many times will a hidden service operator attempt to connect to a
  * requested rendezvous point before giving up? */
 #define MAX_REND_FAILURES 1
 }}}

 So when the first attempt fails, failure_count is 0, which is not > 1, so
 we try again. When the second attempt fails, failure_count is 1, which is
 also not > 1. It's only after the third attempt fails that we decide that
 MAX_REND_FAILURES has been reached.

 This bug affects legacy onion services, and it will also affect nextgen
 onion services once #24894 is fixed.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24895#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list