[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #1859 [Tor Client]: Using 'mytorexitnode.exit' request when mytorexitnode is both exit and client



#1859: Using 'mytorexitnode.exit' request when mytorexitnode is both exit and
client
------------------------+---------------------------------------------------
 Reporter:  mwenge      |       Owner:                     
     Type:  defect      |      Status:  needs_review       
 Priority:  normal      |   Milestone:                     
Component:  Tor Client  |     Version:  Tor: 0.2.2.12-alpha
 Keywords:              |      Parent:                     
------------------------+---------------------------------------------------

Comment(by mwenge):

 Replying to [comment:3 Sebastian]:
 > So here's my idea for a patch. I'm not sure if that can break in other
 cases, but it fixes the problem.
 >
 > {{{
 > diff --git a/src/or/routerlist.c b/src/or/routerlist.c
 > index 8808f56..f8b2b65 100644
 > --- a/src/or/routerlist.c
 > +++ b/src/or/routerlist.c
 > @@ -2408,12 +2408,16 @@ router_get_by_hexdigest(const char *hexdigest)
 >  routerinfo_t *
 >  router_get_by_digest(const char *digest)
 >  {
 > +  routerinfo_t * res = router_get_my_routerinfo();
 > +
 >    tor_assert(digest);
 >
 >    if (!routerlist) return NULL;
 >
 >    // routerlist_assert_ok(routerlist);
 >
 > +  if (res && !memcmp(res->cache_info.identity_digest, digest,
 DIGEST_LEN))
 > +    return res;
 >    return rimap_get(routerlist->identity_map, digest);
 >  }
 >
 > }}}

 I had:

 {{{
 diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
 index e5e7d22..4f75a6d 100644
 --- a/src/or/circuitbuild.c
 +++ b/src/or/circuitbuild.c
 @@ -3176,6 +3176,9 @@ build_state_get_exit_router(cpath_build_state_t
 *state)
  {
    if (!state || !state->chosen_exit)
      return NULL;
 +
 +  if (router_digest_is_me(state->chosen_exit->identity_digest))
 +    return router_get_my_routerinfo();
    return router_get_by_digest(state->chosen_exit->identity_digest);
  }
 }}}

 which does the same I think. One odd problem I encountered was that,
 although it fixed the circuit-building DOS, it resulted in a circuit being
 chosen with the wrong exit. Tor had tried to build a four-hop circuit with
 my Tor instance as the exit but the patch resulted in it using a three-hop
 circuit exiting somewhere else.

 I believe this is what yetonetime is alluding to. At least
 connection_ap_can_use_exit() relies on the presence of the exit in the
 routerlist with:

 {{{
     routerinfo_t *chosen_exit =
       router_get_by_nickname(conn->chosen_exit_name, 1);
 }}}

 It looks to me like supporting the scenario in the bug is a bit of a
 losing battle. Tor should probably fail gracefully I think and we don't
 have a patch for that yet.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1859#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs