[tor-bugs] #24667 [Core Tor/Tor]: OOM needs to consider the DESTROY queued cells
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 19 20:52:29 UTC 2017
#24667: OOM needs to consider the DESTROY queued cells
------------------------------+----------------------------------------
Reporter: dgoulet | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-cell, tor-circuit, oom
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+----------------------------------------
Our OOM is only looking a the circuit queue cells and HS descriptors to
free up memory.
We need to teach it to cleanup DESTROY cells in case cleaning up the
circuits is not enough.
This isn't that trivial because while cleaning up circuits in the OOM
handler, we will also send DESTROY cells for those thus allocating memory.
But also not sending those will affects other relays hanging on dead
circuits.
All in all, this is an interesting challenge but there might be something
smart to do even if not perfect.
The idea here is to avoid an attack that takes advantage of a bug in tor
that can fill up the DESTROY cell queue and our OOM just can't do anything
about it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24667>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list