[tor-bugs] #21142 [Core Tor/Tor]: prop271: circuits_pending_other_guards not properly maintained
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 5 14:50:34 UTC 2017
#21142: prop271: circuits_pending_other_guards not properly maintained
--------------------------+------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.0.1-alpha
Severity: Normal | Resolution:
Keywords: tor-guard | Actual Points:
Parent ID: | Points: 0.3
Reviewer: | Sponsor:
--------------------------+------------------------------------
Description changed by asn:
Old description:
> Hello,
>
> I've been doing various tests of prop271 by using it with Tor Browser.
>
> I started digging more into
> `circuit_find_circuits_to_upgrade_from_guard_wait()` and particularly the
> `circuits_pending_other_guards` smartlist to understand better how this
> feature works in little-t-tor.
>
> While inspecting the elements of `circuits_pending_other_guards` I
> noticed that some of those circuits were zombies that were already freed,
> probably because they were closed but not removed from the smartlist.
>
> The only time we change membership of that list is in
> `circuit_set_state()`:
> {{{
>   if (circ->state == CIRCUIT_STATE_GUARD_WAIT) {
>     smartlist_remove(circuits_pending_other_guards, circ);
>   }
>   if (state == CIRCUIT_STATE_GUARD_WAIT) {
>     smartlist_add(circuits_pending_other_guards, circ);
>   }
> }}}
>
> We should probably consider removing circuits from that list when they
> are marked for close as well, so that the list does not stay permanently
> populated.
New description:
Hello,

I've been doing various tests of prop271 by using it with Tor Browser.

I started digging more into
`circuit_find_circuits_to_upgrade_from_guard_wait()` and particularly the
`circuits_pending_other_guards` smartlist to understand better how this
feature works in little-t-tor.

While inspecting the elements of `circuits_pending_other_guards` I noticed
that some of those circuits were zombies that were already freed, probably
because they were closed but not removed from the smartlist.

The only time we change membership of that list is in
`circuit_set_state()`:
{{{
  if (circ->state == CIRCUIT_STATE_GUARD_WAIT) {
    smartlist_remove(circuits_pending_other_guards, circ);
  }
  if (state == CIRCUIT_STATE_GUARD_WAIT) {
    smartlist_add(circuits_pending_other_guards, circ);
  }
}}}

We should probably consider removing circuits from that list when they
are marked for close as well, so that the list does not stay permanently
populated. Also see how membership in the similar smartlist
`circuits_pending_chans` is maintained.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21142#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
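
The list-maintenance problem described in the ticket, as an added example that is not part of the original message and is not Tor's code: a toy model in which list membership changes only on state transitions, next to the variant the ticket suggests, where the close path also removes the circuit. All `toy_*` names, the fixed-size array standing in for the smartlist, and the `fix` switch are assumptions made for illustration.

```c
#include <stddef.h>
/* Toy model constructed for illustration; none of this is Tor's code. */
enum { ST_BUILDING, ST_GUARD_WAIT, ST_OPEN };
#define MAX_PENDING 8
typedef struct { int state; int marked_for_close; } toy_circ_t;
/* Stands in for the circuits_pending_other_guards smartlist. */
static toy_circ_t *pending[MAX_PENDING];
static size_t n_pending;

static void pending_remove(toy_circ_t *c) {
  for (size_t i = 0; i < n_pending; i++)
    if (pending[i] == c) { pending[i] = pending[--n_pending]; return; }
}

/* Same membership logic as the circuit_set_state() snippet in the ticket. */
static void toy_set_state(toy_circ_t *c, int state) {
  if (c->state == ST_GUARD_WAIT) pending_remove(c);
  if (state == ST_GUARD_WAIT && n_pending < MAX_PENDING) pending[n_pending++] = c;
  c->state = state;
}

/* Close path. fix == 0: list untouched, as reported. fix == 1: also drop
 * the circuit from the list, as the ticket suggests. */
static void toy_mark_for_close(toy_circ_t *c, int fix) {
  c->marked_for_close = 1;
  if (fix && c->state == ST_GUARD_WAIT) pending_remove(c);
}

/* Entries that point at closed circuits. In a real program the circuit is
 * freed after being marked, so each such entry is a dangling pointer. */
static size_t stale_entries(void) {
  size_t n = 0;
  for (size_t i = 0; i < n_pending; i++) n += (pending[i]->marked_for_close != 0);
  return n;
}

/* Two circuits enter GUARD_WAIT; one is closed, the other is opened. */
size_t run_scenario(int fix) {
  static toy_circ_t a, b;
  a = (toy_circ_t){ ST_BUILDING, 0 }; b = a;
  n_pending = 0;
  toy_set_state(&a, ST_GUARD_WAIT);
  toy_set_state(&b, ST_GUARD_WAIT);
  toy_mark_for_close(&a, fix);
  toy_set_state(&b, ST_OPEN);
  return stale_entries();
}

int main(void) { return !(run_scenario(0) == 1 && run_scenario(1) == 0); }
```

The model never frees the closed circuit, so counting stale entries is safe here; the same walk over a list of freed circuits would be a use-after-free.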