[tor-commits] [tor] 01/05: relay: Don't send DESTROY remote reason backward or forward

gitolite role git at cupani.torproject.org
Tue Aug 2 20:25:14 UTC 2022


This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

commit 6fcae8e0d080d7d0875eab4a0118e8fdaf5e832c
Author: David Goulet <dgoulet at torproject.org>
AuthorDate: Tue Aug 2 15:49:03 2022 -0400

    relay: Don't send DESTROY remote reason backward or forward
    
    Fixes #40649
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 changes/ticket40649   |  4 ++++
 src/core/or/command.c | 11 +++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/changes/ticket40649 b/changes/ticket40649
new file mode 100644
index 0000000000..28df58f106
--- /dev/null
+++ b/changes/ticket40649
@@ -0,0 +1,4 @@
+  o Minor bugfixes (relay):
+    - Do not propagate either forward or backward a DESTROY remote reason when
+      closing a circuit so to avoid a possible side channel. Fixes bug 40649;
+      bugfix on 0.1.2.4-alpha.
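Review bot: The changelog entry says what is no longer propagated but not what is sent instead. Since both code paths now close with END_CIRC_REASON_DESTROYED, naming that fixed reason here would tell relay operators and reviewers what the neighbouring hop will see. Also a wording nit on the second line of the entry: "so to avoid" should read "so as to avoid".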
diff --git a/src/core/or/command.c b/src/core/or/command.c
index 65853f7844..a8b93dc9a0 100644
--- a/src/core/or/command.c
+++ b/src/core/or/command.c
@@ -629,9 +629,11 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
   if (!CIRCUIT_IS_ORIGIN(circ) &&
       chan == TO_OR_CIRCUIT(circ)->p_chan &&
       cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
-    /* the destroy came from behind */
+    /* The destroy came from behind so nullify its p_chan. Close the circuit
+     * with a DESTROYED reason so we don't propagate along the path forward the
+     * reason which could be used as a side channel. */
     circuit_set_p_circid_chan(TO_OR_CIRCUIT(circ), 0, NULL);
-    circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
+    circuit_mark_for_close(circ, END_CIRC_REASON_DESTROYED);
   } else { /* the destroy came from ahead */
     circuit_set_n_circid_chan(circ, 0, NULL);
     if (CIRCUIT_IS_ORIGIN(circ)) {
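Review bot: The replacement call in the "came from behind" branch drops END_CIRC_REASON_FLAG_REMOTE as well as the received reason, but the new comment only justifies withholding the reason. If any logging or accounting keyed on circuit_mark_for_close() distinguishes remote closes from local ones by that flag, it will now treat these as local. Please state in the comment that dropping the flag is intentional. The phrase "propagate along the path forward the reason" would also read better as "propagate the reason forward along the path".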
@@ -639,9 +641,10 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan)
     } else {
       /* Close the circuit so we stop queuing cells for it and propagate the
        * DESTROY cell down the circuit so relays can stop queuing in-flight
-       * cells for this circuit which helps with memory pressure. */
+       * cells for this circuit which helps with memory pressure. We do NOT
+       * propagate the remote reason so not to create a side channel. */
       log_debug(LD_OR, "Received DESTROY cell from n_chan, closing circuit.");
-      circuit_mark_for_close(circ, reason | END_CIRC_REASON_FLAG_REMOTE);
+      circuit_mark_for_close(circ, END_CIRC_REASON_DESTROYED);
     }
   }
 }
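Review bot: No test accompanies the behaviour change. The diffstat lists only changes/ticket40649 and src/core/or/command.c, so nothing guards against a later edit reintroducing reason | END_CIRC_REASON_FLAG_REMOTE in either non-origin branch. A unit test that feeds command_process_destroy_cell() a DESTROY cell with a non-default reason on the n_chan and p_chan sides and checks that the circuit is marked with END_CIRC_REASON_DESTROYED would pin this down. Minor wording point in the added comment: "so not to create" should be "so as not to create".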
