[tor-bugs] #26806 [Core Tor/Tor]: Check if Tor clients sometiems send duplicate cells on rendezvous circuits: Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section was seen
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 16 16:12:51 UTC 2018
#26806: Check if Tor clients sometiems send duplicate cells on rendezvous circuits:
Possible replay detected! An INTRODUCE2 cell with thesame ENCRYPTED section
was seen
--------------------------+------------------------------------
Reporter: s7r | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------------
Changes (by dgoulet):
* cc: dgoulet (removed)
* milestone: Tor: unspecified => Tor: 0.3.5.x-final
Comment:
Although in this case, tor would be sending twice the same `INTRODUCE1`
cell... There is a case where a tor client will send twice an INTRO cell
which is when the initial intro request timed out (due to not receiving
the intro ACK), then the client will resend an INTRO cell with the same
rendezvous cookie. However, I believe we have a mechanism that prevents
tor from picking that intro point again.
Thus I suspect we aren't flagging the timed out intro point correctly
client side leading to a possibly double send on the same intro point
(intro point are picked randomly by the client). I think in theory
`hs_cache_client_intro_state_note()` is responsible for that and oops! it
is only used if we get a NACK ... not on circuit timeout! Not looking like
a regression, more likely we always had that problem.
Moving this to 035 so we can fix that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26806#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list