[tor-bugs] #25568 [Core Tor/Tor]: hs: Lookup failure cache when introducing to an intro point

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 21 15:00:47 UTC 2018


#25568: hs: Lookup failure cache when introducing to an intro point
------------------------------+--------------------------------
     Reporter:  dgoulet       |      Owner:  dgoulet
         Type:  defect        |     Status:  assigned
     Priority:  Medium        |  Milestone:  Tor: 0.3.4.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  security, tor-hs
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 It turns out that if a descriptor contains the same intro point 10 times,
 and the first introduction attempt fails, we'll try to connect to the
 same failing intro point again for all remaining intro points.

 The intro point failure cache was introduced to avoid such a situation, but
 it is only used between two descriptors; that is, if an intro point failed
 from the first descriptor and that intro point is still present in the
 second descriptor fetched, we ignore it.

 However, this situation is about the same intro point in the same
 descriptor. In normal circumstances, this can't happen but it is still
 allowed by the protocol.

 One issue with this is that a malicious service would induce many more
 circuits out of the client than necessary. This can be used, theoretically,
 for a client guard discovery attack.

 This affects both v2 and v3.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25568>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
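
The behaviour described in the ticket, modelled as an added example (not Tor's code and not part of the ticket): a client walks one descriptor's intro points, and the failure cache is either only written to or also consulted before each attempt. All names, sizes, and the `try_introduce` stand-in are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define ID_LEN 32      /* constructed size for an intro point identity */
#define MAX_FAILED 16  /* constructed cache capacity */

/* Hypothetical failure cache: identities of intro points that already failed. */
typedef struct { unsigned char ids[MAX_FAILED][ID_LEN]; size_t n; } failure_cache_t;

static bool cache_has(const failure_cache_t *c, const unsigned char *id) {
    for (size_t i = 0; i < c->n; i++)
        if (memcmp(c->ids[i], id, ID_LEN) == 0) return true;
    return false;
}

static void cache_note_failure(failure_cache_t *c, const unsigned char *id) {
    if (c->n < MAX_FAILED && !cache_has(c, id))
        memcpy(c->ids[c->n++], id, ID_LEN);
}

/* Stand-in for an introduction attempt: identities starting 0xBB always fail. */
static bool try_introduce(const unsigned char *id) { return id[0] != 0xBB; }

/* Walk one descriptor's intro points in order and return how many
 * introduction attempts (circuits) were made. With check_cache false the
 * cache is written but never read while walking this descriptor, which
 * models the behaviour the ticket reports. */
size_t introduce(unsigned char ips[][ID_LEN], size_t n_ips,
                 failure_cache_t *cache, bool check_cache, bool *connected) {
    size_t attempts = 0;
    *connected = false;
    for (size_t i = 0; i < n_ips && !*connected; i++) {
        if (check_cache && cache_has(cache, ips[i]))
            continue;                  /* already failed: no new circuit */
        attempts++;
        if (try_introduce(ips[i])) *connected = true;
        else cache_note_failure(cache, ips[i]);
    }
    return attempts;
}

/* Constructed descriptor: the same failing intro point listed 10 times. */
size_t attempts_for_repeated_intro_point(bool check_cache) {
    unsigned char ips[10][ID_LEN];
    failure_cache_t cache = { .n = 0 };
    bool connected;
    memset(ips, 0xBB, sizeof ips);
    return introduce(ips, 10, &cache, check_cache, &connected);
}
```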