[tor-bugs] #30775 [Core Tor/Tor]: Crash in close_or_reextend_intro_circ() (not released)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 5 18:19:23 UTC 2019
#30775: Crash in close_or_reextend_intro_circ() (not released)
-------------------------------------------+-------------------------------
Reporter: asn | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-hs bug 041-must stability | Actual Points:
Parent ID: #30773 | Points:
Reviewer: | Sponsor:
-------------------------------------------+-------------------------------
Comment (by asn):
So it's obvious that this needs the same fix as #30771, but I don't think
we should whack-a-mole this code pattern because it seems to be quite
frequent and also there is nothing actually disallowing it.
I think we need some sort of other fix for this bug class. Here is some
possible avenues since this is blocking the upcoming alpha release:
a) Change the approach of #29034 to not free hs_ident/rend_data upon
repurpose, and just remove from circuitmap. Then hs_ident/rend_data will
be freed upon final circuit free. The danger here might be that some part
of the code might be using hs_ident/rend_data instead of the circuitmap
(e.g. look at circuit_get_ready_rend_circ_by_rend_data() where we are
saved by the purpose check). Me and David took a look at the code and we
didnt find anything obvious but this doesn't mean too much.
b) Revert parts (or the entirety) of #29034 and #28780 (and/or #28634).
c) Continue whack-a-moling but this does not seem like a stress-free thing
to do, since these bugs can get pretty nasty.
Feedback is very much appreciated.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30775#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list