[tor-bugs] #20533 [Core Tor/Tor]: Each download request should only increment the failure count once

Mon Nov 7 11:52:01 UTC 2016

#20533: Each download request should only increment the failure count once
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  regression    |  Actual Points:
Parent ID:  #20499        |         Points:  1
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by teor):

 Hmm, I'm still thinking about this:

 If the consensus was current when we received it, but has expired before
 we received all the certificates, and it's less than
 DELAY_WHILE_FETCHING_CERTS since we received it, then I'm not sure if we
 should still call download_status_failed(). Otherwise, a mirror (one of
 our directory guards, or our bridge) could feed us a series of almost-
 stale consensuses, and cause us increment our failure count exponentially.
 But this only works if we ask for consensuses within 20 minutes of the
 hour, or if our receipt of the full consensus can be delayed using a slow-
 delivery attack.

 If we fail because the consensus is not modified, we shouldn't even get
 this far, we should instead wait before calling
 update_consensus_networkstatus_downloads().

 And if the mirror feeds us a consensus that has already expired, we should
 call the mirror bad, ignore the consensus, and try another one.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20533#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online