[tor-commits] [tor/master] Roll back the path_state for circs if we detatch a stream.

Tue Jan 29 00:18:36 UTC 2013

commit 24b9b9f791defcb6156c587a035fde58c35a46d9
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Fri Jan 18 19:29:17 2013 -0800

    Roll back the path_state for circs if we detatch a stream.
    
    An adversary could let the first stream request succeed (ie the resolve), but
    then tag and timeout the remainder (via cell dropping), forcing them on new
    circuits.
    
    Rolling back the state will cause us to probe such circuits, which should lead
    to probe failures in the event of such tagging due to either unrecognized
    cells coming in while we wait for the probe, or the cipher state getting out
    of sync in the case of dropped cells.
---
 src/or/connection_edge.c |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 41795ac..9e2c15d 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -637,6 +637,16 @@ connection_ap_expire_beginning(void)
     }
     if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
       if (seconds_idle >= options->SocksTimeout) {
+        /* Path bias: We need to probe the circuit to ensure validity.
+         * Roll its state back if it succeeded so that we do so upon close. */
+        if (TO_ORIGIN_CIRCUIT(circ)->path_state == PATH_STATE_USE_SUCCEEDED) {
+          log_info(LD_CIRC,
+                   "Rolling back pathbias use state to 'attempted' for timed "
+                   "out rend circ %d",
+                   TO_ORIGIN_CIRCUIT(circ)->global_identifier);
+          TO_ORIGIN_CIRCUIT(circ)->path_state = PATH_STATE_USE_ATTEMPTED;
+        }
+
         log_fn(severity, LD_REND,
                "Rend stream is %d seconds late. Giving up on address"
                " '%s.onion'.",
@@ -806,6 +816,15 @@ connection_ap_detach_retriable(entry_connection_t *conn,
   control_event_stream_status(conn, STREAM_EVENT_FAILED_RETRIABLE, reason);
   ENTRY_TO_CONN(conn)->timestamp_lastread = time(NULL);
 
+  /* Path bias: We need to probe the circuit to ensure validity.
+   * Roll its state back if it succeeded so that we do so upon close. */
+  if (circ->path_state == PATH_STATE_USE_SUCCEEDED) {
+    log_info(LD_CIRC,
+             "Rolling back pathbias use state to 'attempted' for detached "
+             "circuit %d", circ->global_identifier);
+    circ->path_state = PATH_STATE_USE_ATTEMPTED;
+  }
+
   if (conn->pending_optimistic_data) {
     generic_buffer_set_to_copy(&conn->sending_optimistic_data,
                                conn->pending_optimistic_data);



