[tor-commits] [tor/master] Tags on relay cells can result in certain reason codes.

nickm at torproject.org nickm at torproject.org
Wed Dec 26 04:34:55 UTC 2012 

commit ccaeef22e168af34e9b6a63d65ce17e58dd702e2
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Tue Dec 11 17:49:12 2012 -0800

    Tags on relay cells can result in certain reason codes.
    
    Close the circuit (it's probably junk anyways), and make sure we don't probe
    it/count it as a success.
---
 src/or/circuitbuild.c |    2 ++
 src/or/or.h           |    8 +++++++-
 src/or/relay.c        |   24 +++++++++++++++++-------
 3 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 3e2568c..f93b04f 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1140,6 +1140,8 @@ pathbias_state_to_string(path_state_t state)
       return "build succeeded";
     case PATH_STATE_USE_SUCCEEDED:
       return "use succeeded";
+    case PATH_STATE_USE_FAILED:
+      return "use failed";
   }
 
   return "unknown";
diff --git a/src/or/or.h b/src/or/or.h
index aaf817d..ccc20b9 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2779,6 +2779,12 @@ typedef enum {
       * just tag at a later point.
       */
     PATH_STATE_USE_SUCCEEDED = 3,
+
+    /**
+     * This is a special state to indicate that we got a corrupted
+     * relay cell on a circuit and we don't intend to probe it.
+     */
+    PATH_STATE_USE_FAILED = 4,
 } path_state_t;
 
 /** An origin_circuit_t holds data necessary to build and use a circuit.
@@ -2816,7 +2822,7 @@ typedef struct origin_circuit_t {
 
   /** Kludge to help us prevent the warn in bug #6475 and eventually
    * debug why we are not seeing first hops in some cases. */
-  path_state_t path_state : 2;
+  path_state_t path_state : 3;
 
   /** Set iff this is a hidden-service circuit which has timed out
    * according to our current circuit-build timeout, but which has
diff --git a/src/or/relay.c b/src/or/relay.c
index fd8f857..b4b7700 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -694,13 +694,23 @@ connection_ap_process_end_not_open(
   (void) layer_hint; /* unused */
 
   if (rh->length > 0) {
-    /* Path bias: If we get a valid reason code from the exit,
-     * it wasn't due to tagging */
-    // XXX: This relies on recognized+digest being strong enough not
-    // to be spoofable.. Is that a valid assumption?
-    // Or more accurately: is it better than nothing? Can the attack
-    // be done offline?
-    circ->path_state = PATH_STATE_USE_SUCCEEDED;
+    if (reason == END_STREAM_REASON_TORPROTOCOL ||
+        reason == END_STREAM_REASON_INTERNAL ||
+        reason == END_STREAM_REASON_DESTROY) {
+      /* All three of these reasons could mean a failed tag
+       * hit the exit and it shat itself. Do not probe.
+       * Fail the circuit. */
+      circ->path_state = PATH_STATE_USE_FAILED;
+      return -END_CIRC_REASON_TORPROTOCOL;
+    } else {
+      /* Path bias: If we get a valid reason code from the exit,
+       * it wasn't due to tagging */
+      // XXX: This relies on recognized+digest being strong enough not
+      // to be spoofable.. Is that a valid assumption?
+      // Or more accurately: is it better than nothing? Can the attack
+      // be done offline?
+      circ->path_state = PATH_STATE_USE_SUCCEEDED;
+    }
   }
 
   if (rh->length > 0 && edge_reason_is_retriable(reason) &&

More information about the tor-commits mailing list