[tor-bugs] #27995 [Core Tor/Tor]: hs v3 auth descriptor cookie validation: tor crash when parsing .auth file after SIGHUP
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 18 15:28:20 UTC 2018
#27995: hs v3 auth descriptor cookie validation: tor crash when parsing .auth file
after SIGHUP
-------------------------------------------------+-------------------------
Reporter: madage | Owner: dgoulet
Type: defect | Status:
| accepted
Priority: High | Milestone: Tor:
| 0.3.5.x-final
Component: Core Tor/Tor | Version: Tor:
| 0.3.5.2-alpha
Severity: Normal | Resolution:
Keywords: hs onion service v3 descriptor | Actual Points:
cookie validation regression high |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by dgoulet):
* owner: (none) => dgoulet
* reviewer: dgoulet =>
* status: needs_review => accepted
Comment:
Hmmm this is reproducible as explained in the ticket...
The reason is that the service `descriptor_cookie` is created when we
generate the service keys in `build_service_desc_keys()` meaning that on
HUP, that does NOT get called again ending up with an empty descriptor
cookie but with authorized clients.
To be honest, in order to minimize complexity, we should probably _always_
generate the cookie and only use it when we have authorized client
enabled. That way, we don't have to worry about configuration changes and
that cookie value. Would be a one liner fix.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27995#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list