[tor-bugs] #4759 [Tor Hidden Services]: Rend circ corresponding to an intro circ is looked up improperly
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Dec 22 11:22:51 UTC 2011
#4759: Rend circ corresponding to an intro circ is looked up improperly
---------------------------------+------------------------------------------
Reporter: rransom | Owner: rransom
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.3.x-final
Component: Tor Hidden Services | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------------------+------------------------------------------
`rend_client_introduction_acked` uses
`circuit_get_by_rend_query_and_purpose` to look up the rendezvous circuit
corresponding to an introduction circuit by its purpose and destination
hidden service address. Unfortunately, there may be multiple rendezvous
circuits open with the same purpose (`CIRCUIT_PURPOSE_C_REND_READY`) and
destination hidden service address, especially with the proposal 171
changes and (less so) the #3000 fix in recent Tors.
`rend_client_introduction_acked` should look up the rendezvous circuit by
its rendezvous cookie and DH public key instead.
If this bug occurs, it may trigger the following log message on the client
side in `rend_client_receive_rendezvous`:
{{{
log_warn(LD_PROTOCOL,"Got rendezvous2 cell from hidden service, but
not "
"expecting it. Closing.");
}}}
However, the rend circ for which the `INTRODUCE1` cell was sent is likely
to time out before the service reaches it.
The fix for this bug might be worth backporting to 0.2.2.x.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4759>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list