[tor-bugs] #18873 [Core Tor/Tor]: Refactor circuit_predict_and_launch_new()

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 30 00:52:22 UTC 2016


#18873: Refactor circuit_predict_and_launch_new()
--------------------------+------------------------------------
 Reporter:  asn           |          Owner:
     Type:  defect        |         Status:  needs_review
 Priority:  Low           |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  refactoring   |  Actual Points:
Parent ID:                |         Points:
 Reviewer:  dgoulet       |        Sponsor:
--------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:9 teor]:
 > Replying to [comment:8 chelseakomlo]:
 > > ...
 > > I added a separate commit for the refactor to remove the check for
 CIRCUIT_IS_ORIGIN in circuit_is_available_for_use. The refactor is because
 we first check the purpose of the circuit to see if it is an origin
 circuit, but then we later reject all cicuits that do not have the purpose
 CIRCUIT_PURPOSE_C_GENERAL.
 > >
 > > We shouldn't need to use the BUG macro because
 circuit_is_available_for_use should be able to accept both origin and non-
 origin circuits, and silently return if the circuit's purpose is not
 CIRCUIT_PURPOSE_C_GENERAL (which I believe also entails that it is an
 origin circuit).
 > >
 > > `#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_)`
 > > `#define CIRCUIT_PURPOSE_OR_MAX_ 4`
 > > `#define CIRCUIT_PURPOSE_C_GENERAL 5`
 > >
 > > If this is the case, we shouldn't be able to crash in
 TO_ORIGIN_CIRCUIT() as all circuits that reach this point will have the
 purpose CIRCUIT_PURPOSE_C_GENERAL and therefore (I think) are origin
 circuits.
 >
 > I think you are confusing CIRCUIT_PURPOSE_IS_ORIGIN() and
 CIRCUIT_IS_ORIGIN().

 Oops, no, I am confusing them:

 CIRCUIT_PURPOSE_IS_ORIGIN() and CIRCUIT_IS_ORIGIN() are equivalent - one
 tests the purpose itself, the other tests the circuit.

 But TO_ORIGIN_CIRCUIT does `tor_assert(x->magic ==
 ORIGIN_CIRCUIT_MAGIC);`, and does not check the purpose. So it is not
 equivalent to either of those other macros.

 > And while I agree that is the current logic, I have seen too many cases
 like this where calling code breaks an assumption, and then the called
 code crashes.

 In particular, the assumption that if a circuit satisfies `purpose ==
 CIRCUIT_PURPOSE_C_GENERAL`, it will also have the right magic number.

 But in the end, I think you're right, because assert_circuit_ok() checks
 that invariant. So we can skip that check.

--
Ticket URL: <https://troodi.torproject.org/projects/tor/ticket/18873#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list