[tor-bugs] #31375 [Core Tor/Tor]: hs: Crash in token_bucket_ctr_refill() of the INTRO2 DoS defense

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 8 17:37:49 UTC 2019


#31375: hs: Crash in token_bucket_ctr_refill() of the INTRO2 DoS defense
---------------------------------------+-----------------------------------
 Reporter:  dgoulet                    |          Owner:  (none)
     Type:  defect                     |         Status:  new
 Priority:  Very High                  |      Milestone:  Tor:
                                       |  0.4.2.x-final
Component:  Core Tor/Tor               |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  tor-hs, crash, regression  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:  Sponsor27-must
---------------------------------------+-----------------------------------

Comment (by dgoulet):

 Ok... this is embarrassing but the reason we got there is because the
 INTRO2 bucket is _not_ initialized for a legacy intro point (v2)...

 We only init() in `handle_verified_establish_intro_cell()` which is v3
 only.

 Fortunately, we did not release this bug _and_ the HS DoS defense is not
 enabled by default.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31375#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
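
Added example, not part of the original ticket and not Tor's code: a simplified C model of the pattern the comment describes, where the INTRO2 rate-limit bucket is initialized only on the v3 establish path while the rate check runs for both versions. All type and function names, the rate and burst values, and the -1 return that stands in for the crash are assumptions of this sketch.

```c
/* Added illustration: simplified model, not Tor's source. All names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { RATE = 1, BURST = 2 };   /* constructed values: tokens per second, capacity */
typedef struct { uint32_t rate, burst, tokens, last; bool ready; } bucket_t;
typedef struct { int version; bucket_t intro2_bucket; } intro_point_t;

static void bucket_init(bucket_t *b, uint32_t rate, uint32_t burst, uint32_t now) {
    b->rate = rate; b->burst = burst; b->tokens = burst; b->last = now; b->ready = true;
}

/* Refuses to touch a bucket that was never initialized (stands in for the crash). */
static int bucket_refill(bucket_t *b, uint32_t now) {
    if (!b->ready) return -1;
    uint64_t t = b->tokens + (uint64_t)(now - b->last) * b->rate;
    b->tokens = t > b->burst ? b->burst : (uint32_t)t;
    b->last = now;
    return 0;
}

/* Pattern from the ticket: only the v3 establish path initializes the bucket. */
static void establish_buggy(intro_point_t *ip, int version, uint32_t now) {
    *ip = (intro_point_t){ .version = version };   /* everything else zeroed */
    if (version == 3) bucket_init(&ip->intro2_bucket, RATE, BURST, now);
}

/* One way to close the gap: initialize on the code shared by v2 and v3. */
static void establish_fixed(intro_point_t *ip, int version, uint32_t now) {
    *ip = (intro_point_t){ .version = version };
    bucket_init(&ip->intro2_bucket, RATE, BURST, now);
}

/* Shared rate check: 1 = relay the cell, 0 = rate limited, -1 = uninitialized bucket. */
static int intro2_allowed(intro_point_t *ip, uint32_t now) {
    if (bucket_refill(&ip->intro2_bucket, now) < 0) return -1;
    if (ip->intro2_bucket.tokens == 0) return 0;
    ip->intro2_bucket.tokens--;
    return 1;
}

int main(void) {
    intro_point_t ip;
    establish_buggy(&ip, 2, 100);
    printf("buggy v2: %d\n", intro2_allowed(&ip, 100));
    establish_fixed(&ip, 2, 100);
    printf("fixed v2: %d\n", intro2_allowed(&ip, 100));
}
```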

