[tor-bugs] #30921 [Core Tor/Tor]: hs-v3: Close intro circuits when cleaning up the client descriptor cache

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 19 12:26:02 UTC 2019


#30921: hs-v3: Close intro circuits when cleaning up the client descriptor cache
--------------------------------+--------------------------------
     Reporter:  dgoulet         |      Owner:  dgoulet
         Type:  defect          |     Status:  assigned
     Priority:  Medium          |  Milestone:  Tor: 0.4.2.x-final
    Component:  Core Tor/Tor    |    Version:
     Severity:  Normal          |   Keywords:  tor-hs, tor-client
Actual Points:                  |  Parent ID:  #28970
       Points:  0.1             |   Reviewer:
      Sponsor:  Sponsor27-must  |
--------------------------------+--------------------------------
 In #28970, one of the asserts indicates that we are missing the
 `descriptor` object when the intro point circuit opened:

 {{{
 Jan 01 05:31:33.000 [warn] tor_bug_occurred_(): Bug:
 ../src/or/hs_client.c:624: setup_intro_circ_auth_key: Non-fatal assertion
 !(desc == NULL) failed. (on Tor 0.3.4.9 )
 Jan 01 05:31:33.000 [warn] Bug: Non-fatal assertion !(desc == NULL) failed
 in setup_intro_circ_auth_key at ../src/or/hs_client.c:624. Stack trace:
 (on Tor 0.3.4.9 )
 Jan 01 05:31:33.000 [warn] Bug:     /usr/bin/tor(log_backtrace+0x42)
 [0x56345cea26e2] (on Tor 0.3.4.9 )
 Jan 01 05:31:33.000 [warn] Bug:     /usr/bin/tor(tor_bug_occurred_+0xb7)
 [0x56345cebd587] (on Tor 0.3.4.9 )
 Jan 01 05:31:33.000 [warn] Bug:
 /usr/bin/tor(hs_client_circuit_has_opened+0x2ca) [0x56345ce8027a] (on Tor
 0.3.4.9 )
 }}}

 When a descriptor is removed from the client cache, the intro circuits
 aren't closed so there is a race where if it happens in the same main loop
 run that the client has an opened intro circuit for it, then it could lead
 to that assert.

 Whether or not this is the cause of the assert, we should always close
 pending intro circuits when cleaning up a descriptor since once it opens,
 the client requires access to the descriptor object to complete the
 introduction (see `setup_intro_circ_auth_key()`).

 Funny though that we do that when we replace a descriptor from the client
 cache but not when we purge it...

 This is a possible backport contender in order to avoid `BUG()` and
 failure of reachability client side.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30921>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
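
The lifetime rule the ticket describes, as an added C example (a toy model, not Tor's code and not written by the ticket's author): every type and function name and the `exampleonion` value are constructed for illustration. It runs the purge before the circuit-opened event, with and without closing the pending intro circuits.

```c
/* Toy model of descriptor / intro-circuit lifetime. Hypothetical names, not Tor source. */
#include <stdio.h>
#include <string.h>

#define SLOTS 4
typedef struct { int in_use; char onion[16]; } desc_t;
typedef enum { CIRC_FREE, CIRC_PENDING, CIRC_CLOSED } circ_state_t;
typedef struct { circ_state_t state; char onion[16]; } intro_circ_t;
static desc_t cache[SLOTS];
static intro_circ_t circs[SLOTS];

static desc_t *cache_lookup(const char *onion) {
  for (int i = 0; i < SLOTS; i++)
    if (cache[i].in_use && strcmp(cache[i].onion, onion) == 0)
      return &cache[i];
  return NULL;
}

/* Purge one descriptor. With close_circs set, every pending intro circuit
 * for the same service is closed in the same step. */
static void cache_purge(const char *onion, int close_circs) {
  desc_t *d = cache_lookup(onion);
  if (d) d->in_use = 0;
  if (!close_circs) return;
  for (int i = 0; i < SLOTS; i++)
    if (circs[i].state == CIRC_PENDING && strcmp(circs[i].onion, onion) == 0)
      circs[i].state = CIRC_CLOSED;
}

/* Circuit-opened event: 0 = introduction can proceed, 1 = circuit already
 * closed so the event is dropped, -1 = descriptor missing (the assert case). */
static int intro_circ_opened(const intro_circ_t *c) {
  if (c->state != CIRC_PENDING) return 1;
  return cache_lookup(c->onion) ? 0 : -1;
}

/* One main-loop run: descriptor cached, circuit pending, optional purge,
 * then the open event is handled. */
int run_main_loop(int purge, int close_circs) {
  memset(cache, 0, sizeof(cache));
  memset(circs, 0, sizeof(circs));
  cache[0].in_use = 1;
  strcpy(cache[0].onion, "exampleonion");   /* constructed sample value */
  circs[0].state = CIRC_PENDING;
  strcpy(circs[0].onion, "exampleonion");
  if (purge) cache_purge("exampleonion", close_circs);
  return intro_circ_opened(&circs[0]);
}

int main(void) { printf("%d %d\n", run_main_loop(1, 0), run_main_loop(1, 1)); return 0; }
```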

