[tor-bugs] #29134 [Core Tor/Tor]: Document the max number of v3 client auths I can make
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jan 19 18:45:13 UTC 2019
#29134: Document the max number of v3 client auths I can make
------------------------------+--------------------------
 Reporter:  pastly            |      Owner:  (none)
     Type:  defect            |     Status:  new
 Priority:  Medium            |  Milestone:
Component:  Core Tor/Tor      |    Version:  Tor: 0.3.5.7
 Severity:  Normal            |   Keywords:
Actual Points:                |  Parent ID:
   Points:                    |   Reviewer:
  Sponsor:                    |
------------------------------+--------------------------
I'm testing out v3 onion service client auth. I couldn't find a documented
maximum number of clients I can authorize for a single onion service, so I
tried a really big number (400).
Full log here: https://paste.debian.net/1061430/ and first bit here:
{{{
matt@spacecow:~/src/tor$ ./src/app/tor -f torrc-server
Jan 19 13:34:11.635 [notice] Tor 0.3.5.7 (git-9beb085c10562a25) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0j, Zlib 1.2.8, Liblzma N/A, and Libzstd N/A.
Jan 19 13:34:11.635 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 19 13:34:11.635 [notice] Read configuration file "/home/matt/src/tor/torrc-server".
Jan 19 13:34:11.640 [warn] Path for DataDirectory (data-server) is relative and will resolve to /home/matt/src/tor/data-server. Is this what you wanted?
Jan 19 13:34:11.640 [warn] Path for PidFile (data-server/tor.pid) is relative and will resolve to /home/matt/src/tor/data-server/tor.pid. Is this what you wanted?
Jan 19 13:34:11.640 [warn] Path for HiddenServiceDir (data-server/onion_service) is relative and will resolve to /home/matt/src/tor/data-server/onion_service. Is this what you wanted?
Jan 19 13:34:11.641 [warn] Your log may contain sensitive information - you disabled SafeLogging. Don't log unless it serves an important reason. Overwrite the log afterwards.
Jan 19 13:34:11.666 [notice] Bootstrapped 0%: Starting
Jan 19 13:34:11.948 [notice] Starting with guard context "default"
Jan 19 13:34:12.666 [notice] Bootstrapped 10%: Finishing handshake with directory server
Jan 19 13:34:12.666 [notice] Bootstrapped 80%: Connecting to the Tor network
Jan 19 13:34:12.722 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 19 13:34:13.048 [notice] Bootstrapped 100%: Done
Jan 19 13:34:14.676 [warn] We just made an HS descriptor that's too big (54736).Failing.
Jan 19 13:34:14.676 [warn] tor_bug_occurred_(): Bug: src/feature/hs/hs_service.c:2828: upload_descriptor_to_hsdir: Non-fatal assertion !(service_encode_descriptor(service, desc, &desc->signing_kp, &encoded_desc) < 0) failed. (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: Non-fatal assertion !(service_encode_descriptor(service, desc, &desc->signing_kp, &encoded_desc) < 0) failed in upload_descriptor_to_hsdir at src/feature/hs/hs_service.c:2828. Stack trace: (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(log_backtrace_impl+0x47) [0x564e05c29297] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_bug_occurred_+0xc0) [0x564e05c24930] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(hs_service_run_scheduled_events+0x1d6a) [0x564e05b4c5ca] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(+0x65e71) [0x564e05aa7e71] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(+0x697e1) [0x564e05aab7e1] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5(event_base_loop+0x6a0) [0x7f19b89755a0] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(do_main_loop+0x9d) [0x564e05aab21d] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_run_main+0x1215) [0x564e05a990a5] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(tor_main+0x3a) [0x564e05a962ca] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(main+0x19) [0x564e05a95e49] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f19b7ac12e1] (on Tor 0.3.5.7 9beb085c10562a25)
Jan 19 13:34:14.677 [warn] Bug: ./src/app/tor(_start+0x2a) [0x564e05a95e9a] (on Tor 0.3.5.7 9beb085c10562a25)
}}}
I didn't expect to be allowed an unlimited number of client
authorizations, but I do expect Tor to handle too many more gracefully.
{{{
matt@spacecow:~/src/tor$ cat torrc-server
DataDirectory data-server
Log notice file data-server/notice.log
Log notice stdout
PidFile data-server/tor.pid
SocksPort 0
SafeLogging 0
LogTimeGranularity 1
HiddenServiceDir data-server/onion_service
HiddenServicePort 80 11223
}}}
{{{
matt@spacecow:~/src/tor$ cat torrc-client
DataDirectory data-client
Log notice file data-client/notice.log
Log notice stdout
PidFile data-client/tor.pid
SocksPort auto
SafeLogging 0
LogTimeGranularity 1
ClientOnionAuthDir data-client/v3onionauth
}}}
I wrote a script to generate a ton of .auth and .auth_private files.
1. Start the server's tor with DisableNetwork set, wait for it to
bootstrap, then stop it. Grab the hostname of the onion service.
2. Use this script (https://paste.debian.net/1061432/) to generate a bunch
of .auth and .auth_private files. For example:
{{{
matt@spacecow:~/src/python-snippits/src ./x25519-gen.py \
> ck7vkjy5dfk4dh564wnhqrdhmeh4qrnnkmo5tdwu4n7wickkhbzrb7yd \
> 400 \
> ~/src/tor/data-server/onion_service/authorized_clients/ \
> ~/src/tor/data-client/v3onionauth/
}}}
3. Then remove DisableNetwork and start the server. It produces the above
buggy logs.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29134>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
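
The key-file generation in step 2 of the report, as an added example; it is not the reporter's script (which is only linked) and not Tor project code. Assumptions: the `descriptor:x25519:<base32>` line formats follow the client authorization section of the tor manual, the `clientNNNN` file names and all function names are hypothetical, and the pure-Python X25519 follows RFC 7748 and is not constant-time.

```python
import base64, os, tempfile
from pathlib import Path

P, A24, BASE_POINT = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 via the Montgomery ladder (not constant-time)."""
    s = bytearray(k)
    s[0], s[31] = s[0] & 248, (s[31] & 127) | 64    # clamp the scalar
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:                              # conditional swap
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def b32(raw: bytes) -> str:
    return base64.b32encode(raw).decode().rstrip("=")   # base32, padding stripped

def make_client(onion, name, server_dir, client_dir, priv=None):
    """Write <name>.auth (service side) and <name>.auth_private (client side)."""
    priv = priv or os.urandom(32)
    auth = f"descriptor:x25519:{b32(x25519(priv, BASE_POINT))}\n"
    auth_private = f"{onion}:descriptor:x25519:{b32(priv)}\n"
    (Path(server_dir) / f"{name}.auth").write_text(auth)
    secret = Path(client_dir) / f"{name}.auth_private"
    secret.touch(mode=0o600)                        # private key: owner-only
    secret.write_text(auth_private)
    return auth, auth_private

def generate(onion, count, server_dir, client_dir):
    """Create `count` key pairs named client0000, client0001, ... (hypothetical names)."""
    for d in (server_dir, client_dir):
        Path(d).mkdir(parents=True, exist_ok=True)
    return [make_client(onion, f"client{i:04d}", server_dir, client_dir) for i in range(count)]

if __name__ == "__main__":
    out = Path(tempfile.mkdtemp())                  # constructed demo output location
    print(out, len(generate("ck7vkjy5dfk4dh564wnhqrdhmeh4qrnnkmo5tdwu4n7wickkhbzrb7yd",
                            3, out / "authorized_clients", out / "v3onionauth")))
```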