[tor-bugs] #13151 [Tor]: OR address is in host order in INTRODUCE2 cell

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Sep 13 20:05:46 UTC 2014


#13151: OR address is in host order in INTRODUCE2 cell
------------------------+--------------------------------
     Reporter:  asn     |      Owner:
         Type:  defect  |     Status:  new
     Priority:  major   |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-hs tor-client
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------------
Changes (by arma):

 * priority:  normal => major
 * milestone:  Tor: 0.2.6.x-final => Tor: 0.2.5.x-final


Comment:

 I believe the net effect is that the extend request from the hs's circuit
 to the client's chosen rp will succeed if there's already a tls connection
 open between them, and will fail otherwise because the extend request will
 head off to the wrong address.

 So that means that some rendezvous attempts by hidden services will fail.
 Good thing we allow
 {{{
 #define MAX_REND_FAILURES 8
 }}}
 tries (and it was even higher up until #4241) -- I guess statistically the
 odds are pretty good. Still, we could cut down on variance in time-until-
 success by making the first try actually work.

 The clear fix should happen on the client side: it should send the right
 address rather than the wrong one.

 We could also imagine fixing this on the hidden service side -- if it gets
 an intro2 cell where it recognizes the requested identity key but the addr
 is different but a permutation of it produces the expected one, it could
 go ahead and correct it for its extend cell.

 I'm inclined to fix only the client side, and let people upgrade if they
 want things to work. Otherwise we'll drag around the server-side hack for
 a long time for little real benefit.

 I should also point out a privacy problem here: clients on big-endian
 systems will be sending the correct addr, and clients on little-endian
 systems will be sending the wrong one. Basically we leak our local host
 endianness to the hidden service. It doesn't seem like a huge deal but
 it's worth thinking more about in case I'm wrong.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13151#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
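
The byte-order mismatch described in the comment above, as an added C example that is not part of the original message and is not Tor's code: it shows the wire bytes a little-endian sender produces from a host-order address, the network-order form, and how a receiver that knows the expected address can tell the two apart. The function names and the sample addresses (192.0.2.1, 10.0.0.10) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not Tor's functions. */
enum addr_match { ADDR_OK, ADDR_BYTESWAPPED, ADDR_MISMATCH };

/* What a raw copy of a host-order uint32_t puts on the wire when the
 * sender is little-endian: least significant byte first. */
void put_addr_le_host(uint8_t out[4], uint32_t addr) {
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(addr >> (8 * i));
}

/* Network order (what htonl() plus a copy yields on any host, and what a
 * raw copy yields on a big-endian host): most significant byte first. */
void put_addr_network(uint8_t out[4], uint32_t addr) {
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(addr >> (8 * (3 - i)));
}

/* Receiver side: compare the 4 wire bytes with the address it expects
 * for the requested relay identity. */
enum addr_match classify_wire_addr(const uint8_t wire[4], uint32_t expected) {
    uint8_t want[4], rev[4];
    put_addr_network(want, expected);
    for (int i = 0; i < 4; i++) rev[i] = want[3 - i];
    if (memcmp(wire, want, 4) == 0) return ADDR_OK;
    if (memcmp(wire, rev, 4) == 0) return ADDR_BYTESWAPPED; /* sender byte order visible */
    return ADDR_MISMATCH;
}

int main(void) {
    const uint32_t rp = 0xC0000201u; /* constructed sample: 192.0.2.1 */
    const char *label[] = { "ok", "byte-swapped", "mismatch" };
    uint8_t w[4];

    put_addr_le_host(w, rp);   /* reads as 1.2.0.192 on the wire */
    printf("host order (LE): %u.%u.%u.%u -> %s\n",
           w[0], w[1], w[2], w[3], label[classify_wire_addr(w, rp)]);
    put_addr_network(w, rp);   /* reads as 192.0.2.1 on the wire */
    printf("network order:   %u.%u.%u.%u -> %s\n",
           w[0], w[1], w[2], w[3], label[classify_wire_addr(w, rp)]);
    /* Palindromic address 10.0.0.10: both orders give identical bytes,
     * so the mismatch is invisible for such addresses. */
    put_addr_le_host(w, 0x0A00000Au);
    printf("palindromic:     %u.%u.%u.%u -> %s\n",
           w[0], w[1], w[2], w[3], label[classify_wire_addr(w, 0x0A00000Au)]);
    return 0;
}
```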

