[tor-commits] [tor/master] Move the real INTRODUCE2 replay-detection cache into rend_intro_point_t

nickm at torproject.org nickm at torproject.org
Wed Nov 30 01:55:00 UTC 2011


commit 1a52a947c557ac04ee96addff404dc50cf5c26eb
Author: Robert Ransom <rransom.8774 at gmail.com>
Date:   Sat Oct 29 17:02:53 2011 -0700

    Move the real INTRODUCE2 replay-detection cache into rend_intro_point_t
---
 changes/per-intro-point-replay-cache |    7 +++++++
 src/or/or.h                          |    9 ++++++---
 src/or/rendcommon.c                  |    5 +++++
 src/or/rendservice.c                 |   22 ++++++++--------------
 4 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/changes/per-intro-point-replay-cache b/changes/per-intro-point-replay-cache
new file mode 100644
index 0000000..f63e428
--- /dev/null
+++ b/changes/per-intro-point-replay-cache
@@ -0,0 +1,7 @@
+  o Minor features:
+
+    - Move the replay-detection cache for the RSA-encrypted parts of
+      INTRODUCE2 cells to the introduction point data structures.
+      Previously, we would use one replay-detection cache per hidden
+      service.  Required by fix for bug 3460.
+
diff --git a/src/or/or.h b/src/or/or.h
index 9c81d0e..b53220f 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3505,9 +3505,12 @@ typedef struct rend_intro_point_t {
    * included in the last HS descriptor we generated. */
   unsigned int listed_in_last_desc : 1;
 
-  /** (Service side only) The number of INTRODUCE2 cells this intro
-   * point's circuit has received. */
-  unsigned int introduction_count : 24;
+  /** (Service side only) A digestmap recording the INTRODUCE2 cells
+   * this intro point's circuit has received.  Each key is the digest
+   * of the RSA-encrypted part of a received INTRODUCE2 cell; each
+   * value is a pointer to the time_t at which the cell was
+   * received. */
+  digestmap_t *accepted_intros;
 
   /** (Service side only) The time at which this intro point was first
    * published, or -1 if this intro point has not yet been
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index c5bf881..0a478c1 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -440,6 +440,11 @@ rend_intro_point_free(rend_intro_point_t *intro)
 
   extend_info_free(intro->extend_info);
   crypto_free_pk_env(intro->intro_key);
+
+  if (intro->accepted_intros != NULL) {
+    digestmap_free(intro->accepted_intros, _tor_free);
+  }
+
   tor_free(intro);
 }
 
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index ee34edf..413d4f6 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1005,14 +1005,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   if (!service->accepted_intros)
     service->accepted_intros = digestmap_new();
 
+  if (!intro_point->accepted_intros)
+    intro_point->accepted_intros = digestmap_new();
+
   {
     char pkpart_digest[DIGEST_LEN];
-    /* Check for replay of PK-encrypted portion.  It is slightly naughty to
-       use the same digestmap to check for this and for g^x replays, but
-       collisions are tremendously unlikely.
-    */
+    /* Check for replay of PK-encrypted portion. */
     crypto_digest(pkpart_digest, (char*)request+DIGEST_LEN, keylen);
-    access_time = digestmap_get(service->accepted_intros, pkpart_digest);
+    access_time = digestmap_get(intro_point->accepted_intros, pkpart_digest);
     if (access_time != NULL) {
       log_warn(LD_REND, "Possible replay detected! We received an "
                "INTRODUCE2 cell with same PK-encrypted part %d seconds ago. "
@@ -1021,14 +1021,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
     }
     access_time = tor_malloc(sizeof(time_t));
     *access_time = now;
-    digestmap_set(service->accepted_intros, pkpart_digest, access_time);
-  }
-
-  /* Record that we've received another INTRODUCE2 cell through this
-   * intro point. */
-  ++(intro_point->introduction_count);
-  if (intro_point->introduction_count == 0) {
-    --(intro_point->introduction_count);
+    digestmap_set(intro_point->accepted_intros, pkpart_digest, access_time);
   }
 
   /* Next N bytes is encrypted with service key */
@@ -1935,7 +1928,8 @@ intro_point_should_expire_now(rend_intro_point_t *intro,
     return 1;
   }
 
-  if (intro->introduction_count >= INTRO_POINT_LIFETIME_INTRODUCTIONS) {
+  if (digestmap_size(intro->accepted_intros) >=
+      INTRO_POINT_LIFETIME_INTRODUCTIONS) {
     /* This intro point has been used too many times.  Expire it now. */
     return 1;
   }





More information about the tor-commits mailing list