[tor-bugs] #29034 [Core Tor/Tor]: circuit: Cleanup an HS circuit when it is being re-purposed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 9 19:12:46 UTC 2019
#29034: circuit: Cleanup an HS circuit when it is being re-purposed
------------------------------+----------------------------------
Reporter: dgoulet | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone: Tor: 0.4.0.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-hs, 035-backport
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+----------------------------------
Mike found out that when an IP/RP circuit fails to build in the right
amount of time (for instance through `circuit_expire_building()`), it is
re-purposed to become a measurement circuit.
The issue is that those HS circuits are set in the HS circuitmap and have
an `hs_ident` or `rend_data` set to them that should really not linger in
the circuit object if the circuit is not an HS one anymore.
Offenders: `circuit_build_times_mark_circ_as_measurement_only()` and
`pathbias_send_usable_probe()`.
Solution:
`circuit_change_purpose()` is probably the right place to make a callback
within the HS subsystem specific to cleaning up a circuit for a purpose
change. I think we need a new function that specifically does that and not
use `hs_circ_cleanup()` since it won't remove the ident.
Lingering circuits in the HS circuitmap is bad and this bug could probably
explain some of the issues we had with clients unable to establish
connections because the IP auth key wouldn't match the one in the circuit
ident.
I strongly believe this should be backported up to 0.3.5 at the very
least.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29034>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list