[tor-bugs] #33650 [Core Tor/Tor]: Verify that intro2 cell extensions actually work
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 19 21:45:47 UTC 2020
#33650: Verify that intro2 cell extensions actually work
-------------------------------------------------+-------------------------
Reporter: arma | Owner:
| mikeperry
Type: task | Status:
| accepted
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-dos tor-dos-2020 anonymous- | Actual Points:
credentials research |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by mikeperry):
Notes for the INTRO1->INTRO2 codepaths:
- Intro1 is sent from `hs_circ_send_introduce1()`, and built in
`hs_cell_build_introduce1()`
- There are actually two extension areas: one is in the unencrypted
section, set in `hs_cell_build_introduce1()`, and one is in the encrypted
section, set in `introduce1_set_encrypted()`
- The Intropoint processes the INTRO1 cell in
`hs_intro_received_introduce1()`
- v3 INTRO1 cells go into `handle_introduce1()` and the cell's
unencrypted fields are parsed and validated
- Requested rate limits are checked in `hs_dos_can_send_intro2()`
- The cell is sent as an INTRO2 exactly as is towards the service
- The service receives it in `hs_service_receive_introduce2()`
- The service checks the IP in `service_handle_introduce2()`, and if
valid, parses the cell in `hs_circ_handle_introduce2()` (via
`hs_cell_parse_introduce2()` and ultimately the intro1 parsing functions)
- If parsing was successful, a rend circuit is launched from
`hs_circ_handle_introduce2()`
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33650#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list